Category: Coding Mistakes
VaultCircuitBreaker constructor is missing zero-address checks for admin
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
In the VaultCircuitBreaker contract, when initializing the admin in the constructor, no zero-address check is performed.
    constructor(
        address _admin,
        uint256 _rateLimitCooldownPeriod,
        uint256 _withdrawlPeriod,
        uint256 _liquidityTickLength
    ) {
        admin = _admin;
        rateLimitCooldownPeriod = _rateLimitCooldownPeriod;
        WITHDRAWAL_PERIOD = _withdrawlPeriod;
        TICK_LENGTH = _liquidityTickLength;
        isOperational = true;
    }
Impact
If the zero address is mistakenly supplied as the admin address at deployment, there is no way to reset it, which could lead to potential issues.
Recommendations
We recommend adding the requisite checks to the constructor.
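One way such a check could look, as an added example that is not the project's code or the fix referenced under Remediation. The contract name, the state variable declarations (inferred from the constructor excerpt above) and the ZeroAdminAddress error are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration only; not the audited contract or its fix.
// Declarations below are assumptions inferred from the constructor excerpt.
contract VaultCircuitBreakerExample {
    // Hypothetical custom error, raised when the admin argument is unset.
    error ZeroAdminAddress();

    address public admin;
    uint256 public rateLimitCooldownPeriod;
    uint256 public immutable WITHDRAWAL_PERIOD;
    uint256 public immutable TICK_LENGTH;
    bool public isOperational;

    constructor(
        address _admin,
        uint256 _rateLimitCooldownPeriod,
        uint256 _withdrawlPeriod,
        uint256 _liquidityTickLength
    ) {
        // Reject the zero address before any state is written, so a
        // misconfigured deployment reverts instead of leaving the
        // contract with an admin that cannot be reset.
        if (_admin == address(0)) revert ZeroAdminAddress();

        admin = _admin;
        rateLimitCooldownPeriod = _rateLimitCooldownPeriod;
        WITHDRAWAL_PERIOD = _withdrawlPeriod;
        TICK_LENGTH = _liquidityTickLength;
        isOperational = true;
    }
}
```

Because the check runs in the constructor, a deployment transaction that passes address(0) reverts and no contract is created, which makes the misconfiguration visible at deploy time.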
Remediation
This issue has been acknowledged by Sanguine Labs LTD, and a fix was implemented in commit 8e0bf0ce.