From 08a3542fd1b4c87c0c6b7688eb68ae68195598d5 Mon Sep 17 00:00:00 2001 From: Akash Gianchandani Date: Tue, 23 Jan 2024 12:30:26 +0530 Subject: [PATCH] add missing zero address validation checks WIN-1733 --- contracts/Batcher.sol | 2 ++ contracts/Forwarder.sol | 1 + contracts/ForwarderFactory.sol | 4 ++++ contracts/ForwarderFactoryV4.sol | 5 +++++ contracts/ForwarderV4.sol | 2 ++ contracts/WalletFactory.sol | 4 ++++ contracts/WalletSimple.sol | 2 ++ contracts/recoveryContracts/RecoveryWalletFactory.sol | 1 + contracts/recoveryContracts/RecoveryWalletSimple.sol | 2 ++ 9 files changed, 23 insertions(+) diff --git a/contracts/Batcher.sol b/contracts/Batcher.sol index 1813866..446a78a 100644 --- a/contracts/Batcher.sol +++ b/contracts/Batcher.sol @@ -72,6 +72,7 @@ contract Batcher { for (uint8 i = 0; i < recipients.length; i++) { require(recipients[i] != address(0), 'Invalid recipient address'); emit BatchTransfer(msg.sender, recipients[i], values[i]); + (bool success, ) = recipients[i].call{ value: values[i], gas: transferGasLimit @@ -91,6 +92,7 @@ contract Batcher { uint256 value, bytes calldata data ) external onlyOwner returns (bytes memory) { + require(to != address(0), 'Invalid recipient address'); (bool success, bytes memory returnData) = to.call{ value: value }(data); require(success, 'Recover failed'); return returnData; diff --git a/contracts/Forwarder.sol b/contracts/Forwarder.sol index 2dc81a1..7f40b0d 100644 --- a/contracts/Forwarder.sol +++ b/contracts/Forwarder.sol @@ -136,6 +136,7 @@ contract Forwarder is IERC721Receiver, ERC1155Receiver, IForwarder { uint256 value, bytes calldata data ) external onlyParent returns (bytes memory) { + require(target != address(0), 'Invalid target address'); (bool success, bytes memory returnedData) = target.call{ value: value }( data ); diff --git a/contracts/ForwarderFactory.sol b/contracts/ForwarderFactory.sol index ebc46d6..7973536 100644 --- a/contracts/ForwarderFactory.sol +++ b/contracts/ForwarderFactory.sol 
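Review bot: The added `require(to != address(0), 'Invalid recipient address');` in the second Batcher.sol hunk rejects only one bad destination. A low-level `call` to any other address that holds no code also returns `success == true`, so `require(success, 'Recover failed')` will not catch a mistyped or not-yet-deployed target. When `data` is non-empty the call is presumably meant to reach a contract, so consider `require(data.length == 0 || to.code.length > 0, 'Recipient has no code');`, provided the compiler version in use supports `address.code` (the pragma is not visible here). The same gap exists in the `target.call` hunks of Forwarder.sol and ForwarderV4.sol and in the second RecoveryWalletSimple.sol hunk. The function's signature starts above this hunk.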
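Review bot: Nothing in this commit exercises the new revert path added in the Forwarder.sol hunk (`require(target != address(0), 'Invalid target address');`); the diffstat lists only the nine files under `contracts/`. A test that makes this call as the parent with the zero address as `target` and asserts the revert reason `Invalid target address` would pin the behaviour. The same holds for every other `require` this patch adds. The function's signature starts above the hunk.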
@@ -14,6 +14,10 @@ contract ForwarderFactory is CloneFactory { ); constructor(address _implementationAddress) { + require( + _implementationAddress != address(0), + 'Invalid implementation address' + ); implementationAddress = _implementationAddress; } diff --git a/contracts/ForwarderFactoryV4.sol b/contracts/ForwarderFactoryV4.sol index 15e47bb..6f63bce 100644 --- a/contracts/ForwarderFactoryV4.sol +++ b/contracts/ForwarderFactoryV4.sol @@ -31,6 +31,10 @@ contract ForwarderFactoryV4 is CloneFactory { * @param _implementationAddress Address of the current forwarder implementation */ constructor(address _implementationAddress) { + require( + _implementationAddress != address(0), + 'Invalid implementation address' + ); implementationAddress = _implementationAddress; } @@ -67,6 +71,7 @@ contract ForwarderFactoryV4 is CloneFactory { bytes32 finalSalt = keccak256(abi.encodePacked(parent, feeAddress, salt)); address payable clone = createClone(implementationAddress, finalSalt); + emit ForwarderCreated( clone, parent, diff --git a/contracts/ForwarderV4.sol b/contracts/ForwarderV4.sol index 0d00a6a..1ad6c85 100644 --- a/contracts/ForwarderV4.sol +++ b/contracts/ForwarderV4.sol @@ -96,6 +96,7 @@ contract ForwarderV4 is IERC721Receiver, ERC1155Receiver, IForwarderV4 { * the sender to the forwarder itself */ emit ForwarderDeposited(address(this), value, msg.data); + (bool success, ) = parentAddress.call{ value: value }(''); require(success, 'Flush failed'); } @@ -164,6 +165,7 @@ contract ForwarderV4 is IERC721Receiver, ERC1155Receiver, IForwarderV4 { bytes calldata data ) external returns (bytes memory) { require(msg.sender == parentAddress, 'Only Parent'); + require(target != address(0), 'Invalid target address'); (bool success, bytes memory returnedData) = target.call{ value: value }( data ); diff --git a/contracts/WalletFactory.sol b/contracts/WalletFactory.sol index 92b2cf7..5f12d08 100644 --- a/contracts/WalletFactory.sol +++ b/contracts/WalletFactory.sol 
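Review bot: The constructor check added in ForwarderFactory.sol accepts any non-zero value, including an address that has no deployed code. Clones created from such an implementation would presumably delegate every call to an empty account, which succeeds without executing anything, so the mistake would only surface once forwarders are in use. Consider following the zero check with `require(_implementationAddress.code.length > 0, 'Implementation has no code');`, if the compiler version in use supports `address.code`. The identical constructor hunks in ForwarderFactoryV4.sol, WalletFactory.sol and RecoveryWalletFactory.sol have the same gap.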
@@ -9,6 +9,10 @@ contract WalletFactory is CloneFactory { event WalletCreated(address newWalletAddress, address[] allowedSigners); constructor(address _implementationAddress) { + require( + _implementationAddress != address(0), + 'Invalid implementation address' + ); implementationAddress = _implementationAddress; } diff --git a/contracts/WalletSimple.sol b/contracts/WalletSimple.sol index 03c7844..44a4929 100644 --- a/contracts/WalletSimple.sol +++ b/contracts/WalletSimple.sol @@ -187,6 +187,8 @@ contract WalletSimple is IERC721Receiver, ERC1155Receiver { uint256 sequenceId, bytes calldata signature ) external onlySigner { + require(toAddress != address(0), 'Invalid destination address'); + // Verify the other signer bytes32 operationHash = keccak256( abi.encodePacked( diff --git a/contracts/recoveryContracts/RecoveryWalletFactory.sol b/contracts/recoveryContracts/RecoveryWalletFactory.sol index 58baca2..cbda11c 100644 --- a/contracts/recoveryContracts/RecoveryWalletFactory.sol +++ b/contracts/recoveryContracts/RecoveryWalletFactory.sol @@ -7,6 +7,7 @@ contract RecoveryWalletFactory is CloneFactory { address public implementationAddress; constructor(address _implementationAddress) { + require(_implementationAddress != address(0), 'Invalid implementation address'); implementationAddress = _implementationAddress; } diff --git a/contracts/recoveryContracts/RecoveryWalletSimple.sol b/contracts/recoveryContracts/RecoveryWalletSimple.sol index 6f1efeb..4e42393 100644 --- a/contracts/recoveryContracts/RecoveryWalletSimple.sol +++ b/contracts/recoveryContracts/RecoveryWalletSimple.sol @@ -20,6 +20,7 @@ contract RecoveryWalletSimple is IERC721Receiver, ERC1155Receiver { bool public initialized = false; // True if the contract has been initialized function init(address _signer) external onlyUninitialized { + require(_signer != address(0), 'Invalid signer address'); signer = _signer; initialized = true; } 
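Review bot: The new `require(toAddress != address(0), 'Invalid destination address');` in WalletSimple.sol has no comment saying why the zero address is refused while every other destination is left to the signers. A short why-comment above it would help, for example `// Value sent to the zero address is unrecoverable; refuse it before the signer verification below`. The function's signature and any NatSpec sit above the hunk; if that documentation lists revert conditions, it should mention this one too.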
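Review bot: The `require` added in RecoveryWalletFactory.sol is written as a single long line, whereas the same check in ForwarderFactory.sol, ForwarderFactoryV4.sol and WalletFactory.sol is wrapped over four lines. Wrapping it the same way, with the condition and the message `'Invalid implementation address'` each on their own line inside `require( … );`, keeps the four constructors textually identical. It also keeps the line within the width the other files appear to follow.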
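Review bot: The check added to `init` in RecoveryWalletSimple.sol validates the `_signer` value but not who supplies it. `init` is `external` and guarded only by `onlyUninitialized`, so the first caller on a fresh clone chooses the signer. Whether the factory calls `init` in the same transaction that creates the clone is not visible in this hunk. If it does not, restrict the caller; if it does, document the requirement, for example `/// @dev Must be called by the factory in the transaction that creates the clone.` Emitting an event with the chosen signer would also make an unexpected initialization detectable.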
@@ -62,6 +63,7 @@ contract RecoveryWalletSimple is IERC721Receiver, ERC1155Receiver { uint256 value, bytes calldata data ) external onlySigner { + require(toAddress != address(0), 'Invalid destination address'); // Success, send the transaction (bool success, ) = toAddress.call{ value: value }(data); require(success, 'Call execution failed');
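Review bot: The context comment `// Success, send the transaction` now sits directly under the new argument check and reads as if a verification step had just passed, but the visible part of this function shows none. Rewording it would make the flow clearer, for example `// Forward the call; revert if it fails`. A blank line between the new `require` and that comment would also match the WalletSimple.sol hunk. The function's signature starts above the hunk.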