Auditor Suggestion
Files Affected
solidity/src/FlowYieldVaultsRequests.sol
Description
-
The constructor accepts coaAddress without validating it's non-zero. While the owner can fix this via setAuthorizedCOA() (which does validate), deploying with coaAddress = address(0) creates a temporarily broken contract where all COA-gated functions revert until fixed.
-
Similarly, minimumBalance could be validated to be > 0 to prevent dust spam.
Recommendation
Add the recommended validations to the constructor.
Parent Issue: #15
Auditor Suggestion
Files Affected
solidity/src/FlowYieldVaultsRequests.solDescription
The constructor accepts
coaAddresswithout validating it's non-zero. While the owner can fix this viasetAuthorizedCOA()(which does validate), deploying withcoaAddress = address(0)creates a temporarily broken contract where all COA-gated functions revert until fixed.Similarly,
minimumBalancecould be validated to be > 0 to prevent dust spam.Recommendation
Add the recommended validations to the constructor.
Parent Issue: #15