Insufficient input validation in deal and round creation

The DealManager and RoundManager contracts lack adequate input validation when creating deals or rounds. For example, proposeDeal in DealManager does not enforce that the _parties array contains exactly two elements, and proposeAndSignDeal in DealManager does not verify that the proposer parameter matches _parties[0].

Although these functions use the onlyOwner modifier, we recommend adding sanity checks. These checks help catch incorrect parameters early and prevent invalid agreements when CyberCorp accidentally supplies incorrect values during deal or round creation.
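
As an added example (not code from the audited code base or from the report), the two checks named above could look like this in Solidity. The contract name, the dealId parameter, the storage mapping, the custom errors and the zero-address check are assumptions made for illustration; only proposeDeal, proposeAndSignDeal, _parties, proposer and onlyOwner come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, reduced stand-in for DealManager. The real contract's
// parameters, storage layout and ownership mechanism are not shown in the report.
contract DealManagerSketch {
    error NotOwner();
    error InvalidPartyCount(uint256 supplied);
    error ZeroAddressParty(uint256 index);
    error ProposerMismatch(address proposer, address firstParty);

    address public immutable owner;
    mapping(bytes32 => address[]) private dealParties; // assumed storage

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Check named in the finding: a deal has exactly two parties.
    // The zero-address check is an extra sanity check, not taken from the report.
    function _validateParties(address[] calldata _parties) internal pure {
        if (_parties.length != 2) revert InvalidPartyCount(_parties.length);
        for (uint256 i = 0; i < _parties.length; i++) {
            if (_parties[i] == address(0)) revert ZeroAddressParty(i);
        }
    }

    function proposeDeal(bytes32 dealId, address[] calldata _parties) external onlyOwner {
        _validateParties(_parties);
        dealParties[dealId] = _parties;
    }

    // Signing logic of the real contract is outside this example; only the
    // parameter validation from the finding is shown.
    function proposeAndSignDeal(bytes32 dealId, address[] calldata _parties, address proposer)
        external
        onlyOwner
    {
        _validateParties(_parties); // length is checked before _parties[0] is read
        if (proposer != _parties[0]) revert ProposerMismatch(proposer, _parties[0]);
        dealParties[dealId] = _parties;
    }
}
```

Validating the array length first matters for the second check: reading _parties[0] on an empty array would revert with a generic out-of-bounds panic instead of an error that names the bad parameter.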

Zellic © 2025