Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TOB-BOB-3] Lack of zero address checks in setBridgeProxyAddress #4

Open
technovision99 opened this issue Apr 12, 2024 · 0 comments
Open

[TOB-BOB-3] Lack of zero address checks in setBridgeProxyAddress #4

technovision99 opened this issue Apr 12, 2024 · 0 comments

Comments

@technovision99
Copy link

Lack of zero address checks in setBridgeProxyAddress

Severity: Informational
Difficulty: High
Type: Data Validation
Target: src/FusionLock.sol

Description

The setBridgeProxyAddress function is responsible for setting the Optimism Bridge address the FusionLock contract will use. However, there is no validation that the passed in l2bridgeProxyAddress is not zero. If the owner mistakenly passes in address(0) to the function, sending withdrawals to L2 will be blocked until the correct bridge address is set.

fusion-lock/src/FusionLock.sol

Lines 307 to 310 in 0e606d2

function setBridgeProxyAddress(address l2BridgeProxyAddress) external onlyOwner {
bridgeProxyAddress = l2BridgeProxyAddress;
emit BridgeAddress(l2BridgeProxyAddress);
}

Recommendations

Short term, validate that the parameter passed into the function is not the zero address.

Long term, use the Slither static analyzer to catch common issues such as this one. Consider integrating a Slither scan into the project’s CI pipeline, pre-commit hooks, or build scripts.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@technovision99