Assessment reports>Yeet>Informational findings>VaultCircuitBreaker constructor is missing zero-address checks for admin
Category: Coding Mistakes

VaultCircuitBreaker constructor is missing zero-address checks for admin

Informational Severity
Informational Impact
N/A Likelihood

Description

In the VaultCircuitBreaker contract, when initializing the admin in the constructor, no zero-address check is performed.

constructor(
    address _admin,
    uint256 _rateLimitCooldownPeriod,
    uint256 _withdrawlPeriod,
    uint256 _liquidityTickLength
) {
    admin = _admin;
    rateLimitCooldownPeriod = _rateLimitCooldownPeriod;
    WITHDRAWAL_PERIOD = _withdrawlPeriod;
    TICK_LENGTH = _liquidityTickLength;
    isOperational = true;
}

Impact

If a zero address is included due to incorrect distribution in the admin address, there is no way to reset it, which could lead to potential issues.

Recommendations

We recommend adding the requisite checks to the constructor.

Remediation

This issue has been acknowledged by Sanguine Labs LTD, and a fix was implemented in commit 8e0bf0ce.

Zellic © 2025Back to top ↑