Add Hint for Zero Address Allocation

[rajosch]

Context:
Solidity developers often make the mistake of assigning or comparing addresses to the zero address (0x0000000000000000000000000000000000000000). This can lead to vulnerabilities and bugs in smart contracts.

Suggestion:
Implement a new rule in Solhint to check for:

1. Assignments to the zero address.
2. Comparisons with the zero address.

Rationale:
This check will help developers avoid common pitfalls and ensure better security and reliability in their smart contracts.

References:

• RHO Incident

[dbale-altoros]

hello @rajosch
thanks a lot for suggesting

to understand:

• Assignments to the zero address:
  Are you referring to assign to a variable address(0) ? or what ?

• Comparisons with the zero address.
  Is this what you mean ?
  if (userAddress == address(0)) or if (userAddress == 0x0000000000000000000000000000000000000000)

please put examples... thanks

[rajosch]

Hi @dbale-altoros,

1. I am referring to cases where a variable is assigned the value address(0).
2. I am talking about instances where an assignment to the zero address is possible but not checked against. Example:

function transferOwnership(address newOwner) public {
    require(newOwner != address(0), "New owner cannot be the zero address");
    owner = newOwner;
}

My question is if there should be a hint to check for a zero address allocation if the require statement is not present.
This would help to prevent problems like this RHO incident.

[dbale-altoros]

sorry @rajosch I'm kind of swamp... I WILL take a look and get back to you as soon as i can

[dbale-altoros]

@rajosch as juan capurro mentioned this is very hard to implement.
The methods i can think of to achieve this task require a lot of effort and I'm not sure we can get rid of false positives. On top of that I'm not sure if it worth to make that effort for this rule. It's not a bad rule at all... OFC you are can start or try coding it. We can discussed it, review it, etc.