make a zero address check on SecuredLine.rollover #113
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
unsatisfactory
findings doesn't meet requirement
Comments
code423n4
added
2 (Med Risk)
|
Zero address checks are considered QA. |
|
dmvt marked the issue as unsatisfactory: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/modules/credit/SecuredLine.sol#L48
Vulnerability details
Impact:
Making a zero address check on variable address newline will reduce a risk of making maliciously newline equal to zero address which can stop a function from being deployed on new line address.
Proof of concept:
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/modules/credit/SecuredLine.sol#L48
EscrowedLine._rollover(newLine);
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/modules/credit/SecuredLine.sol#L59
which can further effect _rollover function in EscrowedLine.sol contract.
function _rollover(address newLine) internal virtual returns(bool) {
require(escrow.updateLine(newLine));
return true;
}
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/modules/credit/EscrowedLine.sol#L89
Recommendation:
Make a necessary zero address check.
The text was updated successfully, but these errors were encountered: