F-2024-0010·missing-validation

Missing parameter validation in initialize function of BridgeTokenFactory

Acknowledgedbridgenearrainbow-bridgegithub.com/Near-One/rainbow-token-connector
TL;DR

initialize on BridgeTokenFactory does not validate _tokenImplementationAddress (zero check) or _minBlockAcceptanceHeight (range), allowing misconfigured deployments.

Severity
INFO
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

In the initialize function of the BridgeTokenFactory contract, the parameters _tokenImplementationAddress and _minBlockAcceptanceHeight are not validated. This oversight can lead to initialization with an invalid implementation address or an inappropriate block acceptance height.

The current implementation of the initialize function:

solidity
function initialize(
    address _tokenImplementationAddress,
    bytes memory _nearTokenLocker,
    INearProver _prover,
    uint64 _minBlockAcceptanceHeight
) external initializer {
    require(_nearTokenLocker.length > 0, "Invalid Near Token Locker address");
    require(address(_prover) != address(0), "Invalid Near prover address");


    nearTokenLocker = _nearTokenLocker;
    prover = _prover;
    minBlockAcceptanceHeight = _minBlockAcceptanceHeight;
    tokenImplementationAddress = _tokenImplementationAddress;


    __UUPSUpgradeable_init();
    __AccessControl_init();
    __Pausable_init_unchained();
    _grantRole(DEFAULT_ADMIN_ROLE, _msgSender());
    _grantRole(PAUSABLE_ADMIN_ROLE, _msgSender());
}
03Section · Impact

Impact

The initialize function in the BridgeTokenFactory contract lacks essential parameter validations for _tokenImplementationAddress and _minBlockAcceptanceHeight. Without these validations, the contract can be initialized with invalid parameters, leading to potential vulnerabilities or unintended behavior. Specifically:

  • Setting _tokenImplementationAddress to address(0) can cause the contract to point to an invalid implementation.
  • Allowing _minBlockAcceptanceHeight to be zero or an excessively high value can result in logical errors in the contract's operation.
04Section · Recommendation

Recommendation

Recommendations:

  • Validate _tokenImplementationAddress: ensure that _tokenImplementationAddress is not set to address(0).
  • Validate _minBlockAcceptanceHeight: ensure that _minBlockAcceptanceHeight is greater than zero and within a reasonable range.
solidity
function initialize(
    address _tokenImplementationAddress,
    bytes memory _nearTokenLocker,
    INearProver _prover,
    uint64 _minBlockAcceptanceHeight
) external initializer {
    require(_tokenImplementationAddress != address(0), "Invalid token implementation address");
    require(_nearTokenLocker.length > 0, "Invalid Near Token Locker address");
    require(address(_prover) != address(0), "Invalid Near prover address");
    require(_minBlockAcceptanceHeight > 0, "Block acceptance height must be greater than zero");
    require(_minBlockAcceptanceHeight <= type(uint64).max, "Block acceptance height exceeds uint64 max");


    nearTokenLocker = _nearTokenLocker;
    prover = _prover;
    minBlockAcceptanceHeight = _minBlockAcceptanceHeight;
    tokenImplementationAddress = _tokenImplementationAddress;


    __UUPSUpgradeable_init();
    __AccessControl_init();
    __Pausable_init_unchained();
    _grantRole(DEFAULT_ADMIN_ROLE, _msgSender());
    _grantRole(PAUSABLE_ADMIN_ROLE, _msgSender());
}
05Section · Resolution

Resolution

Unresolved.

ZEALYNX SECURITY · published 2024-06-03
F-2024-0010

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx