Active Boosts

#41359 [SC-Insight] Remove Manager of Address 0 is irrelevant and will never be reached

Submitted on Mar 14th 2025 at 09:48:30 UTC by @styphoiz for Audit Comp | Yeet

  • Report ID: #41359

  • Report Type: Smart Contract

  • Report severity: Insight

  • Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/StakeV2.sol

  • Impacts:

Description

Brief/Intro

The check for removing a manager with address 0 is unnecessary because the process does not allow adding a manager with address 0 in the first place.

Vulnerability Details

The code contains a check for address 0 in the removeManager function, but this condition can never be met since the addManager function explicitly prevents adding address 0 as a manager.

Impact Details

The following code demonstrates why the check in removeManager is redundant:

In the addManager function, there is a validation that rejects address 0:

As a result, address 0 can never be added to the managers mapping.

Consequently, the following check in removeManager serves no purpose, as address 0 cannot exist in the managers mapping:

Therefore, this line in removeManager is redundant and can be safely removed as this will already be rejected as Manager does not exist

References

Proof of Concept

Proof of Concept

See below PoC showcasing this test, PoC has been updated from the StakeV2.test.sol test case.

Previous41291 sc insight winner selection vulnerability in yeetback contract allows multiple reward for the same lucky winnerNext#41365 [SC-Critical] Vested tokens are counted as accumulated revenue

Was this helpful?