Sanity checks are important to not affect reputation / flows and users of the protocol when a mistake is done. 0 address should be checked for important address assignments (in this case, only done in the constructor) or function calls.
l2TokenFactory calls transfer ownership to a _governor in 1 step without checks. This can force a redeployment and affect the protocol.
l2TokenFactory.transferOwnership(_governor);
Also there are no sanity checks in L2ERC20Bridge.sol constructor in:
l1Bridge = _l1Bridge;
only assigned in the constructor and not checked for 0 address.
If wrongly assigned to 0 finalizeDeposit would get blocked.
The text was updated successfully, but these errors were encountered:
All reactions