[L05] Missing validations
Closed this issue · 2 comments
cylon56 commented
There are some places in the code base that might benefit from some sanity checks on the input provided:
- The
transferGovernor
andsetGovernor
functions of theConfigurator
are not checking the address to be non-zero. - The
CometRewards
constructor is missing the same check over the address parameter. - In line 260 of the
Comet
contract, thepriceFeed
is set but is not checked to retrieve a valid price. withdrawAndBorrowAmount
andrepayAndSupplyAmount
functions assume certain values over thenewPrincipal
but those should be required instead.
To reduce possible errors and make the code more rodust, consider adding sanity checks where needed.
toninorair commented
There are arbitrarily many bad addresses that can be set, checking for the zero address seems like added complexity for little gain. In addition, while further checks in Comet.sol
could be added, the contract is being optimized for efficiency and is up against a size limit, so we favor the current approach. The assumptions made by withdrawAndBorrowAmount
and repayAndSupplyAmount
are statically true of the contract.