_router should be checked.

Summary

if _router is an invalid address, it could lead to unexpected behavior

Vulnerability Detail

function _initialize(address _counterpart, address _router, address _messenger) internal {
    require(_counterpart != address(0), "zero counterpart address");
    require(_messenger != address(0), "zero messenger address");

    ReentrancyGuardUpgradeable.__ReentrancyGuard_init();
    OwnableUpgradeable.__Ownable_init();

    counterpart = _counterpart;
    messenger = _messenger;

    // @note: the address of router could be zero, if this contract is GatewayRouter.
    if (_router != address(0)) {
        router = _router;
    }
}

Impact

_router is an invalid address, it could lead to unexpected behavior.

Code Snippet

https://github.com/sherlock-audit/2024-08-morphl2/blob/main/morph/contracts/contracts/libraries/gateway/GatewayBase.sol#L68

Tool used

Manual Review

Recommendation

function _initialize(address _counterpart, address _router, address _messenger) internal { require(_counterpart != address(0), "zero counterpart address"); require(_messenger != address(0), "zero messenger address");

ReentrancyGuardUpgradeable.__ReentrancyGuard_init();
OwnableUpgradeable.__Ownable_init();

counterpart = _counterpart;
messenger = _messenger;

// Validate router if it is expected to be a contract address

@>> if (_router != address(0)) { require(_router.code.length > 0, "router must be a contract"); router = _router; } }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

119.md

119.md

_router should be checked.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

119.md

Latest commit

History

119.md

File metadata and controls

_router should be checked.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation