Redundant zero address check in Bridge::registerKeyPairWithTransfer and Bridge::rotateToPublicKey
Two ZeroAddress() reverts can never fire, one is shadowed by an outer non-zero guard, the other is computed from a strictly validated 64-byte public key whose keccak256 hash collides to zero only with negligible probability.
Description
Two locations contain unreachable ZeroAddress() reverts that can never
trigger due to prior guards.
Location 1, registerKeyPairWithTransfer
Inside the confirming logic, the code first checks that the
outputAddress is non-zero:
if (ctx.confirming.outputAddress != address(0)) {
Then inside that same block, it checks again if the address is zero:
if (ctx.confirming.outputAddress == address(0))revert ZeroAddress();
This second check can never be true. If execution entered the block, it
already means ctx.confirming.outputAddress != address(0). The inner
revert is dead code.
Location 2, rotateToPublicKey
The code checks whether the derived owner address is zero:
if (existingOwnerAddress == address(0)) revert ZeroAddress();
However, this address is obtained from:
address existingOwnerAddress =getAddressFromPublicKey(ctx.unconfirmed.publicKey);
And getAddressFromPublicKey strictly enforces a 64-byte public key
before hashing with keccak256. Getting address(0) would require the
hash to end with 20 zero bytes, for a valid 64-byte input, the
probability is ~1/2^160, which is practically impossible.
Recommendation
- Remove the redundant inner zero-address check in
registerKeyPairWithTransfer. - Remove the zero-address check in
rotateToPublicKey.
Resolution
YadaCoin, Confirmed.
Zealynx, Fixed.
