Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DRAFT: fix audit issue 184 #871

Merged
merged 2 commits into from
Dec 12, 2024
Merged

DRAFT: fix audit issue 184 #871

merged 2 commits into from
Dec 12, 2024

Conversation

davidbrai
Copy link
Collaborator

No description provided.

@davidbrai
don't allow nounsRecipient to be zero address
a1d38e3 
this will cause cancels to revert
@davidbrai davidbrai changed the base branch from master to verbs-stream-escrow-nouner-can-create-stream December 3, 2024 11:50
@netlify Netlify
Copy link

netlify bot commented Dec 3, 2024
edited
Loading

Deploy Preview for nouns-testnet ready!

Name Link
🔨 Latest commit a1d38e3
🔍 Latest deploy log https://app.netlify.com/sites/nouns-testnet/deploys/674ef0944ba0990008257983
😎 Deploy Preview https://deploy-preview-871--nouns-testnet.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@netlify Netlify
Copy link

netlify bot commented Dec 3, 2024
edited
Loading

Deploy Preview for nouns-home ready!

Name Link
🔨 Latest commit a1d38e3
🔍 Latest deploy log https://app.netlify.com/sites/nouns-home/deploys/674ef094578a670008637374
😎 Deploy Preview https://deploy-preview-871--nouns-home.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

eladmallel
eladmallel reviewed Dec 3, 2024
View reviewed changes
packages/nouns-contracts/contracts/StreamEscrow.sol Outdated
@@ -75,6 +75,7 @@ contract StreamEscrow is IStreamEscrow {
) {
daoExecutor = daoExecutor_;
ethRecipient = ethRecipient_;
require(nounsRecipient_ != address(0), 'zero address');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please put this requirement at the top of the function?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

eladmallel
eladmallel reviewed Dec 3, 2024
View reviewed changes
packages/nouns-contracts/contracts/StreamEscrow.sol
@@ -279,6 +280,7 @@ contract StreamEscrow is IStreamEscrow {
* @notice Allows the DAO to set the address that the Nouns tokens will be sent to when streams are canceled.
*/
function setNounsRecipient(address newAddress) external onlyDAO {
require(newAddress != address(0), 'zero address');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please add natspec that explains why we aren't accepting zero address, i.e. explain the potential griefing scenario briefly? something like:

"newAddress cannot be the zero address because that would cause all stream cancellations to revert, since the Nouns token contract does not permit sending tokens to the zero address"

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@sherlock-admin2 sherlock-admin2 mentioned this pull request Dec 5, 2024
Open
@davidbrai davidbrai merged commit 4285edb into verbs-stream-escrow-nouner-can-create-stream Dec 12, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eladmallel eladmallel eladmallel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@davidbrai @eladmallel