Add Hint for Zero Address Allocation #592

Open
rajosch opened this issue Jul 31, 2024 · 3 comments

rajosch commented Jul 31, 2024

Context:
Solidity developers often make the mistake of assigning or comparing addresses to the zero address (0x0000000000000000000000000000000000000000). This can lead to vulnerabilities and bugs in smart contracts.

Suggestion:
Implement a new rule in Solhint to check for:

  1. Assignments to the zero address.
  2. Comparisons with the zero address.

Rationale:
This check will help developers avoid common pitfalls and ensure better security and reliability in their smart contracts.

References:

@dbale-altoros
Collaborator

Hello @rajosch,
thanks a lot for the suggestion.

To understand:

  • Assignments to the zero address:
    Are you referring to assigning address(0) to a variable? Or what?

  • Comparisons with the zero address:
    Is this what you mean?
    if (userAddress == address(0)) or if (userAddress == 0x0000000000000000000000000000000000000000)

Please put examples... thanks

@rajosch
Author

rajosch commented Aug 3, 2024

Hi @dbale-altoros,

  1. I am referring to cases where a variable is assigned the value address(0).
  2. I am talking about instances where an assignment to the zero address is possible but not checked against. Example:
```solidity
function transferOwnership(address newOwner) public {
    require(newOwner != address(0), "New owner cannot be the zero address");
    owner = newOwner;
}
```

My question is if there should be a hint to check for a zero address allocation if the require statement is not present.
This would help to prevent problems like this RHO incident.
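A sketch of the check discussed in this thread, added here as an example that is not part of the original comments and is not Solhint's code or rule API. It is a text heuristic over Solidity source; the helper names and the `setAdmin` sample are assumptions constructed for illustration.

```javascript
// Added illustration: heuristic text scan, not a Solidity parser or a Solhint rule.
const ZERO = String.raw`(?:address\s*\(\s*0\s*\)|0x0{40})`;

// Return the text between the '{' at openIdx and its matching '}'.
function bodyAt(src, openIdx) {
  let depth = 0;
  for (let i = openIdx; i < src.length; i++) {
    if (src[i] === '{') depth++;
    else if (src[i] === '}' && --depth === 0) return src.slice(openIdx + 1, i);
  }
  return src.slice(openIdx + 1); // unbalanced braces: scan to end of input
}

// Hypothetical helper: report address parameters that are assigned somewhere
// in the function body without being compared against the zero address.
function findUncheckedAddressAssignments(src) {
  const findings = [];
  const fnRe = /function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{/g;
  let m;
  while ((m = fnRe.exec(src)) !== null) {
    const [, name, params] = m;
    const body = bodyAt(src, fnRe.lastIndex - 1);
    for (const p of params.split(',')) {
      const pm = /^\s*address(?:\s+payable)?\s+(\w+)\s*$/.exec(p);
      if (!pm) continue;
      const param = pm[1];
      // `<lhs> = param;` with a single '=' right after an identifier or ']'
      const assigned = new RegExp(String.raw`[\w\]]\s*=\s*${param}\s*;`).test(body);
      // `param != address(0)` / `param == address(0)`, in either operand order
      const guarded = new RegExp(
        String.raw`\b${param}\s*[!=]=\s*${ZERO}|${ZERO}\s*[!=]=\s*${param}\b`
      ).test(body);
      if (assigned && !guarded) findings.push({ function: name, parameter: param });
    }
  }
  return findings;
}

// Constructed sample: the issue's guarded setter plus an unguarded one.
const SAMPLE = `
function transferOwnership(address newOwner) public {
    require(newOwner != address(0), "New owner cannot be the zero address");
    owner = newOwner;
}
function setAdmin(address newAdmin) public {
    admin = newAdmin;
}`;

console.log(findUncheckedAddressAssignments(SAMPLE));
```

Because it matches text rather than an AST, it also flags assignments to local variables and does not see checks performed inside modifiers or called functions.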

@dbale-altoros
Collaborator

Sorry @rajosch, I'm kind of swamped... I WILL take a look and get back to you as soon as I can.
