You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Gateway and Uniswap router addresses are hardcoded only for UX purposes. Otherwise, devs would have to copy paste them every single time. I don't think there is a solution for this issue that wouldn't affect the dev experience.
File:
deploy.ts
Issue: Hardcoded default value for the
gateway
address.Analysis
The vulnerable implementation is as follows:
gateway
address is set to a default value, which may not be suitable for all deployment environments.How It Can Be Harmful
How to Mitigate the Issue
1. Validate Configurations: Ensure the
args.gateway
is valid during runtime.2. Use Environment Variables: Replace hardcoded values with environment variables to allow flexibility across different environments.
References
Guidance on implementing adjustable parameters to improve contract flexibility.
OpenZeppelin Blog
The text was updated successfully, but these errors were encountered: