
Missing zero-address check in setAdmin

The setAdmin function in the contract allows for changing the admin address. However, the current implementation lacks a check to prevent the new admin address from being set to the zero address (0x0).

function setAdmin(address _newAdmin) external onlyAdmin {
    admin = _newAdmin;
}

Allowing the admin address to be set to the zero address can lead to administrative control being locked out, whether accidentally or intentionally.

Recommendations

Consider including a check to ensure that _newAdmin is not the zero address.

function setAdmin(address _newAdmin) external onlyAdmin {
    require(_newAdmin != address(0), "Admin address cannot be zero");
    admin = _newAdmin;
}
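A heuristic source-level check for this pattern, run against the two snippets above. This is an added example, not code from the report or from the audited project; the helper names are hypothetical, and the regex assumes simple function bodies without nested braces.

```python
import re

# The two setAdmin versions shown in this finding, copied verbatim.
VULNERABLE = """
function setAdmin(address _newAdmin) external onlyAdmin {
    admin = _newAdmin;
}
"""
FIXED = """
function setAdmin(address _newAdmin) external onlyAdmin {
    require(_newAdmin != address(0), "Admin address cannot be zero");
    admin = _newAdmin;
}
"""

# Function name, parameter list, and a flat body (no nested braces).
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{([^{}]*)\}", re.S)


def address_params(param_list):
    """Names of parameters declared as `address` or `address payable`."""
    names = []
    for decl in param_list.split(","):
        parts = decl.split()
        if len(parts) >= 2 and parts[0] == "address":
            names.append(parts[-1])
    return names


def unchecked_address_setters(source):
    """Return (function, parameter, target) for each address parameter that is
    assigned to a variable while the body never compares it to address(0)."""
    findings = []
    for name, params, body in FUNC_RE.findall(source):
        for param in address_params(params):
            p = re.escape(param)
            stored = re.search(rf"(\w+)\s*=\s*{p}\s*;", body)
            guard = re.search(
                rf"\b{p}\s*[!=]=\s*address\(0\)|address\(0\)\s*[!=]=\s*{p}\b", body)
            if stored and not guard:
                findings.append((name, param, stored.group(1)))
    return findings


if __name__ == "__main__":
    for label, src in (("before", VULNERABLE), ("after", FIXED)):
        print(label, unchecked_address_setters(src))
```

A finding from this check is a prompt for manual review, not proof of a defect: a guard enforced in a modifier or an internal helper is not visible to it.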

Remediation

This issue has been acknowledged by Spectral Finance, and a fix was implemented in commit fbe68d35.

Zellic © 2024