Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Smart Vault>Informational findings>Missing vault check
GeneralOverview
Findings
Medium (1)
Low (4)
Informational (3)Gas optimizationMissing vault checkReward-token duplication
DiscussionReentrancy guard modifier
Threat ModelWhat are threat models?RewardVault.solSmartVault.solSmartVaultManager.sol
Audit ResultsAssessment Results
Category: Code Maturity

Missing vault check

Informational Impact
Informational Severity
N/A Likelihood

Description

The SmartVaultManager contract has functions to manage each vault. So each function checks if the vault address is valid. However, there are some functions that do not check if the vault address is valid.

  • pauseSmartVault

  • resumeSmartVault

  • updateVaultConfig

  • updateStakingVault

  • setStrategy

  • setWhitelistMode

  • updateStakingFactor

  • updateStakingEnabled

  • updateRewardConfig

  • addTokenToRewardList

  • updateRewardTokenList

Impact

While this is not a security issue, it could lead to unexpected behavior if the vault address is not valid.

Recommendations

Add a check that the vault address is valid in the functions that do not check if the vault address is valid.

Remediation

This issue has been acknowledged by River, and a fix was implemented in commit 8874ad53.

Zellic © 2025Back to top ↑