Zero Address check. The danger!!!

What is the zero address?

In Solidity, the zero address (also known as the null address) is a special address that represents an uninitialized or burn address. It is represented as 0x0 or 0x0000000000000000000000000000000000000000. It has no private key, so any token deposited into the address cannot be recovered.

Why do we need to check for the zero address?

  1. To prevent loss of ownership. In the code snippet below, the updateOwner function is used to change the owner. If there is no address zero check on the parameter and address zero is passed in, ownership of the contract will be lost forever, and every other function that requires the owner/admin to call it will revert because the owner has been changed to address zero.
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.4;

contract Test {
    address public owner;
    error notadmin(string);

    constructor(){
        owner = msg.sender;
    }

    modifier onlyAdmin {
        if (msg.sender != owner) {
            revert notadmin("not admin");
        }
        _;
    }

    function updateOwner(address newOwner) external onlyAdmin {
        // Check for address 0
        require(newOwner != address(0), "Invalid address");
        owner = newOwner;
    }
}
  2. Address zero checks can be useful in situations where you need to ensure that a valid address is passed to a function before making a call to another function or contract.
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

contract Test {
    function doSomething(address _addr) public {
        // Check for address 0
        require(_addr != address(0), "Invalid address");

        // Call another function if the address is valid, and revert if that call fails
        (bool ok, ) = _addr.call(abi.encodeWithSignature("doSomething(address)", _addr));
        require(ok, "Call failed");
    }
    function doSomethingElse() public returns(address){
     // Function code goes here
        return msg.sender;
    }
}
  3. To prevent loss of tokens. Sending tokens to address zero will result in a loss of funds. If the _to/receiver address is not checked against address zero when transferring a token and a user mistakenly sends a token to address zero, the token will be lost forever.

Furthermore, in Solidity, the address zero is used as a placeholder for some types of data. For example, the address zero is frequently used as a default value for uninitialized contract storage variables. In these circumstances, looking for address zero might help you confirm that your contract is handling uninitialized data correctly.
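The following contract is an added example, not code from the original post. It shows the two cases just described: a token transfer that rejects address zero as the receiver, and a mapping lookup where an unset entry reads back as address zero. The contract name, error names, and the payout-address feature are hypothetical.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.4;

// Added example with hypothetical names; not from the original post.
contract VaultToken {
    error ZeroAddress();
    error NoPayoutAddress(address user);
    error InsufficientBalance(uint256 available, uint256 requested);

    mapping(address => uint256) public balanceOf;
    // Entries that were never written read back as address(0),
    // the default value for uninitialized storage.
    mapping(address => address) public payoutAddressOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function setPayoutAddress(address payout) external {
        // Never store address(0) as a configured value.
        if (payout == address(0)) revert ZeroAddress();
        payoutAddressOf[msg.sender] = payout;
    }

    function transfer(address to, uint256 amount) public returns (bool) {
        // Reject address zero as receiver so tokens cannot be lost by mistake.
        if (to == address(0)) revert ZeroAddress();
        uint256 bal = balanceOf[msg.sender];
        if (bal < amount) revert InsufficientBalance(bal, amount);
        unchecked { balanceOf[msg.sender] = bal - amount; } // bal >= amount checked above
        balanceOf[to] += amount;
        return true;
    }

    function withdrawToPayout(uint256 amount) external returns (bool) {
        address payout = payoutAddressOf[msg.sender];
        // A user who never called setPayoutAddress gets address(0) here;
        // treat it as "not configured" with its own error.
        if (payout == address(0)) revert NoPayoutAddress(msg.sender);
        return transfer(payout, amount);
    }
}
```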

The Nomad Bridge attack, which cost the crypto market about $190M of drained liquidity, was caused by a lack of an address zero check.

Another example of an exploit that involved a missing address 0 check: https://medium.com/@QubitFin/protocol-exploit-report-305c34540fa3

How to check for zero address in your contract?

You can use the iszero built-in, which indicates whether its argument is zero and so can tell you whether an address is the zero address. iszero is a Yul built-in, so it is only available inside an inline assembly block and cannot be called directly from plain Solidity code.

bool isZero;
assembly {
    isZero := iszero(_userAddress)
}
if (isZero) {
    // _userAddress is the zero address
}
// isZero is 'true' if _userAddress is the zero address and 'false' otherwise.

It can also be done using the equality operator (==) and the zero address, written as address(0):

if (_userAddress == address(0)) {
    // _userAddress is the zero address
}
