Unvalidated Token and Pricefeed Addresses: A Risk to Smart Contract Functionality
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L112-L123
Summary
Constructor does not check if addresses are valid, only if the length of tokenAddresses and priceFeedAddresses is the same.
Vulnerability Details
Setting an invalid address either for tokenAddresses or priceFeedAddresses will pass silently as long as there are the same amount on both arrays but will leave the contract unusable since the constructor is not doing any other checks.
Impact
Some price feeds and tokenAddresses will be unusable since they are not valid.
Tools Used
Manual review
Recommendations
Add some checks at the constructor, at least to see if they are not zero or are the true tokens or price tokens.
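
One way to implement the recommended checks, as an added example that is not DSCEngine's own code. The contract name, error names and probe interface are hypothetical, and the price feeds are assumed to be Chainlink-style aggregators exposing latestRoundData().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Assumed shapes: an ERC-20 collateral token and a Chainlink-style price feed.
interface IERC20Probe {
    function totalSupply() external view returns (uint256);
}

interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical contract name; only the constructor checks are the point.
contract ValidatedEngine {
    error LengthMismatch();
    error ZeroAddress(uint256 index);
    error NotAContract(uint256 index);
    error NotAToken(address token);
    error BadPriceFeed(address feed);

    mapping(address => address) private s_priceFeeds;
    address[] private s_collateralTokens;

    constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses) {
        if (tokenAddresses.length != priceFeedAddresses.length) revert LengthMismatch();
        for (uint256 i = 0; i < tokenAddresses.length; i++) {
            address token = tokenAddresses[i];
            address feed = priceFeedAddresses[i];
            if (token == address(0) || feed == address(0)) revert ZeroAddress(i);
            // An address without code can be neither a token nor a feed.
            if (token.code.length == 0 || feed.code.length == 0) revert NotAContract(i);
            // Probe the token: it must at least answer totalSupply().
            try IERC20Probe(token).totalSupply() returns (uint256) {} catch {
                revert NotAToken(token);
            }
            // Probe the feed: it must answer like an aggregator with a positive price.
            try AggregatorV3Interface(feed).latestRoundData() returns (uint80, int256 answer, uint256, uint256, uint80) {
                if (answer <= 0) revert BadPriceFeed(feed);
            } catch {
                revert BadPriceFeed(feed);
            }
            s_priceFeeds[token] = feed;
            s_collateralTokens.push(token);
        }
    }
}
```

A feed that returns malformed data makes the constructor revert during ABI decoding rather than with BadPriceFeed, which still blocks the deployment.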