Giters

ampleforth / token-geyser-v2

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

VFY-02: Input Sanitization

thegostep opened this issue · comments

commented
type severity location
Logical Issue Minor https://github.com/ampleforth/token-geyser-v2/blob/c970676aaecb08e942fe1088a4b1ddcb26655fe6/contracts/Factory/VaultFactory.sol%23L15

Description:

The constructor of the VaultFactory contract accepts a single address argument that remains immutable beyond its assignment and is used as the underlying implementation of spawned instances. However, no check is imposed in the constructor to ensure that it is not accidentally set to the 0x0 address.

Recommendation:

We advise that a require check is imposed here to ensure the address is non-zero.