Merge branch 'slither-warnings' into invalidate-nonce

ubiquity · Feb 17, 2024 · 4bc466f · 4bc466f
2 parents 6ce539b + 0429914
commit 4bc466f
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 4 deletions.
diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml
@@ -0,0 +1,30 @@
+name: Slither Analysis
+
+on:
+  push:
+    branches: [ development ]
+  pull_request:
+    branches: [ development ]
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Run Slither
+      uses: crytic/slither-action@v0.3.1
+      id: slither
+      with:
+        node-version: 16
+        sarif: results.sarif
+        fail-on: none
+
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: ${{ steps.slither.outputs.sarif }}
diff --git a/script/Deploy001_NftReward.s.sol b/script/Deploy001_NftReward.s.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.20;
 
 import {Script} from "forge-std/Script.sol";
 import {NftReward} from "../src/NftReward.sol";

diff --git a/src/NftReward.sol b/src/NftReward.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.20;
 
 import "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
 import "@openzeppelin/contracts-upgradeable/token/ERC721/ERC721Upgradeable.sol";
@@ -74,6 +74,8 @@ contract NftReward is Initializable, ERC721Upgradeable, OwnableUpgradeable, Paus
         public 
         initializer 
     {
+        require(_minter != address(0), "Minter cannot be zero address");
+        require(_initialOwner != address(0), "Initial owner cannot be zero address");
         __ERC721_init(_tokenName, _tokenSymbol);
         __Ownable_init(_initialOwner);
         __EIP712_init("NftReward-Domain", "1");
@@ -197,6 +199,7 @@ contract NftReward is Initializable, ERC721Upgradeable, OwnableUpgradeable, Paus
      * @param _newMinter New minter address
      */
     function setMinter(address _newMinter) external onlyOwner {
+        require(_newMinter != address(0), "Minter cannot be zero address");
         minter = _newMinter;
     }
 

diff --git a/test/NftReward.t.sol b/test/NftReward.t.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.20;
 
 import {Test, console} from "forge-std/Test.sol";
 import {NftReward} from "../src/NftReward.sol";
@@ -16,7 +16,7 @@ contract NftRewardTest is Test {
     address minter = vm.addr(minterPrivateKey);
 
     bytes public data;
-
+    
     function setUp() public {
         vm.prank(owner);
 
@@ -34,6 +34,36 @@ contract NftRewardTest is Test {
         nftReward = NftReward(address(proxy));
     }
 
+    function testSetup_ShouldRevert_IfMinterIsZeroAddress() public {
+        vm.prank(owner);
+        data = abi.encodeWithSignature(
+            "initialize(string,string,address,address)", 
+            "NFT reward", 
+            "RWD", 
+            owner,
+            address(0)
+        );
+        nftReward = new NftReward();
+        vm.expectRevert("Minter cannot be zero address");
+        ERC1967Proxy proxy = new ERC1967Proxy(address(nftReward), data);
+        nftReward = NftReward(address(proxy));
+    }
+
+    function testSetup_ShouldRevert_IfOwnerIsZeroAddress() public {
+        vm.prank(owner);
+        data = abi.encodeWithSignature(
+            "initialize(string,string,address,address)", 
+            "NFT reward", 
+            "RWD", 
+            address(0),
+            minter
+        );
+        nftReward = new NftReward();
+        vm.expectRevert("Initial owner cannot be zero address");
+        ERC1967Proxy proxy = new ERC1967Proxy(address(nftReward), data);
+        nftReward = NftReward(address(proxy));
+    }
+
     //==================
     // Public methods
     //==================
@@ -528,6 +558,12 @@ contract NftRewardTest is Test {
         assertFalse(nftReward.paused());
     }
 
+    function testSetMinter_ShouldRevert_IfMinterIsZeroAddress() public {
+        vm.prank(owner);
+        vm.expectRevert("Minter cannot be zero address");
+        nftReward.setMinter(address(0));
+    }
+
     function testInvalidateNonce_ShouldInvalidateNonce() public {
         // prepare arbitrary data keys
         bytes32[] memory keys = new bytes32[](1);