Category: Business Logic
Insufficient validation of parameters
Low Severity
Low Impact
Low Likelihood
Description
The function setDistributor verifies that the new distributor is not the old distributor, but it does not verify that the new distributor is nonzero.
    function setDistributor(address distributor_) external onlyOwner {
        address oldDistributor = distributor;
        // Only equality with the current value is checked; address(0) is accepted.
        require(distributor_ != oldDistributor, "FP: distributor is already set");
        emit DistributorChanged(oldDistributor, distributor_);
        distributor = distributor_;
    }
Impact
If an incorrect/default input is supplied to any of these functions, it will result in the loss of funds and/or control over the mentioned farms.
Recommendations
Add zero checks to the affected functions.
Remediation
The issue has been acknowledged by 1inch. Their official response is reproduced below:
This behavior is by design:
a) Owner may change the distributor any time.
b) In case an owner wants to stop a farm from starting new farmings, they may set the address to zero.
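
The following sketch is an added example, not code from 1inch or from the audit: it shows one way the zero check from the Recommendations section can coexist with the intent stated in the response, by rejecting zero in setDistributor and moving the deliberate shutdown to a separately named call. The contract name, the ownership code, the event parameter layout, the "FP: zero distributor" message and disableDistributor() are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only. Everything except the body of the original
// setDistributor logic (now in _setDistributor) is hypothetical.
contract DistributorGuardExample {
    address public owner;
    address public distributor;

    // Parameter layout assumed; the page shows only the emit statement.
    event DistributorChanged(address oldDistributor, address newDistributor);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Routine rotation: zero is rejected, so a default or unset argument
    // cannot silently remove the distributor.
    function setDistributor(address distributor_) external onlyOwner {
        require(distributor_ != address(0), "FP: zero distributor");
        _setDistributor(distributor_);
    }

    // Deliberate shutdown: clearing the distributor needs a differently
    // named call, so the owner's intent is explicit in the transaction.
    function disableDistributor() external onlyOwner {
        _setDistributor(address(0));
    }

    // Same checks and event as the function quoted in the finding.
    function _setDistributor(address distributor_) private {
        address oldDistributor = distributor;
        require(distributor_ != oldDistributor, "FP: distributor is already set");
        emit DistributorChanged(oldDistributor, distributor_);
        distributor = distributor_;
    }
}
```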