Skip to content

no validation checks in ControllerV1.sol initialize function() #57

Open
Open
no validation checks in ControllerV1.sol initialize function()#57
Labels
0 (Non-critical)Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisationbugSomething isn't workingsponsor acknowledgedTechnically the issue is correct, but we're not going to resolve it for XYZ reasons
@code423n4

Description

@code423n4
code423n4
opened on Jan 27, 2022

Handle

jayjonah8

Vulnerability details

Impact

In ControllerV1.sol in the initialize() function there are no validation checks on the passed in arguments before setting them to storage which can result in costly errors.

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/ControllerV1.sol#L33

Tools Used

Manual code review

Recommended Mitigation Steps

Add validation checks to addresses and the _oleWethDexData bytes argument.

Metadata

Metadata

Assignees

No one assigned

    Labels

    0 (Non-critical)Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisationbugSomething isn't workingsponsor acknowledgedTechnically the issue is correct, but we're not going to resolve it for XYZ reasons

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions