Open
Description
The AccessControl contract was implemented without checking that address arguments are not the zero address. This is because we have gone back and forth on the actual relevance of these checks. My current thinking is that the checks do provide value as a layer of protection against using address 0 accidentally, either after reading it from an uninitialized address in storage or as the return value of ecrecover. See the Nomad hack as an example where address 0 was involved in a related way.
Thus, I would suggest rejecting address zero when granting and revoking roles in AccessControl.