From 99328dfcc4acc0a8a6a00bd30c002b97ded23ad7 Mon Sep 17 00:00:00 2001
From: skosito <skostic9242@gmail.com>
Date: Wed, 7 Aug 2024 17:49:49 +0200
Subject: [PATCH] test for zero addresses

---
 v2/src/evm/GatewayEVM.sol  |  9 +++++++++
 v2/test/ERC20Custody.t.sol | 19 +++++++++++++++++++
 v2/test/GatewayEVM.t.sol   | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)

diff --git a/v2/src/evm/GatewayEVM.sol b/v2/src/evm/GatewayEVM.sol
index 23e7bc77..9c793f13 100644
--- a/v2/src/evm/GatewayEVM.sol
+++ b/v2/src/evm/GatewayEVM.sol
@@ -130,6 +130,7 @@ contract GatewayEVM is
         nonReentrant
         returns (bytes memory)
     {
+        if (destination == address(0)) revert ZeroAddress();
         bytes memory result = _execute(destination, data);
 
         emit Executed(destination, msg.value, data);
@@ -156,6 +157,7 @@ contract GatewayEVM is
         nonReentrant
     {
         if (amount == 0) revert InsufficientERC20Amount();
+        if (to == address(0)) revert ZeroAddress();
         // Approve the target contract to spend the tokens
         if (!resetApproval(token, to)) revert ApprovalFailed();
         if (!IERC20(token).approve(to, amount)) revert ApprovalFailed();
@@ -192,6 +194,7 @@ contract GatewayEVM is
         nonReentrant
     {
         if (amount == 0) revert InsufficientERC20Amount();
+        if (to == address(0)) revert ZeroAddress();
 
         IERC20(token).safeTransfer(address(to), amount);
         Revertable(to).onRevert(data);
@@ -203,6 +206,8 @@ contract GatewayEVM is
     /// @param receiver Address of the receiver.
     function deposit(address receiver) external payable whenNotPaused nonReentrant {
         if (msg.value == 0) revert InsufficientETHAmount();
+        if (receiver == address(0)) revert ZeroAddress();
+        
         (bool deposited,) = tssAddress.call{ value: msg.value }("");
 
         if (!deposited) revert DepositFailed();
@@ -216,6 +221,7 @@ contract GatewayEVM is
     /// @param asset Address of the ERC20 token.
     function deposit(address receiver, uint256 amount, address asset) external whenNotPaused nonReentrant {
         if (amount == 0) revert InsufficientERC20Amount();
+        if (receiver == address(0)) revert ZeroAddress();
 
         transferFromToAssetHandler(msg.sender, asset, amount);
 
@@ -227,6 +233,8 @@ contract GatewayEVM is
     /// @param payload Calldata to pass to the call.
     function depositAndCall(address receiver, bytes calldata payload) external payable whenNotPaused nonReentrant {
         if (msg.value == 0) revert InsufficientETHAmount();
+        if (receiver == address(0)) revert ZeroAddress();
+
         (bool deposited,) = tssAddress.call{ value: msg.value }("");
 
         if (!deposited) revert DepositFailed();
@@ -250,6 +258,7 @@ contract GatewayEVM is
         nonReentrant
     {
         if (amount == 0) revert InsufficientERC20Amount();
+        if (receiver == address(0)) revert ZeroAddress();
 
         transferFromToAssetHandler(msg.sender, asset, amount);
 
diff --git a/v2/test/ERC20Custody.t.sol b/v2/test/ERC20Custody.t.sol
index 3a32c79e..36c92080 100644
--- a/v2/test/ERC20Custody.t.sol
+++ b/v2/test/ERC20Custody.t.sol
@@ -191,6 +191,16 @@ contract ERC20CustodyTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiv
         custody.withdrawAndCall(address(token), address(receiver), amount, data);
     }
 
+    function testForwardCallToReceiveERC20ThroughCustodyFailsIfReceiverIsZeroAddress() public {
+        uint256 amount = 1;
+        bytes memory data =
+            abi.encodeWithSignature("receiveERC20(uint256,address,address)", amount, address(token), destination);
+
+        vm.prank(tssAddress);
+        vm.expectRevert(ZeroAddress.selector);
+        custody.withdrawAndCall(address(token), address(0), amount, data);
+    }
+
     function testForwardCallToReceiveERC20PartialThroughCustody() public {
         uint256 amount = 100_000;
         bytes memory data =
@@ -365,4 +375,13 @@ contract ERC20CustodyTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiv
         vm.expectRevert(InsufficientERC20Amount.selector);
         custody.withdrawAndRevert(address(token), address(receiver), amount, data);
     }
+
+    function testWithdrawAndRevertThroughCustodyFailsIfReceiverIsZeroAddress() public {
+        uint256 amount = 1;
+        bytes memory data = abi.encodePacked("hello");
+
+        vm.prank(tssAddress);
+        vm.expectRevert(ZeroAddress.selector);
+        custody.withdrawAndRevert(address(token), address(0), amount, data);
+    }
 }
diff --git a/v2/test/GatewayEVM.t.sol b/v2/test/GatewayEVM.t.sol
index 112c80fc..4a1a8d00 100644
--- a/v2/test/GatewayEVM.t.sol
+++ b/v2/test/GatewayEVM.t.sol
@@ -171,6 +171,14 @@ contract GatewayEVMTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IReceiver
         gateway.execute(address(receiver), data);
     }
 
+    function testExecuteFailsIfDestinationIsZeroAddress() public {
+        bytes memory data = abi.encodeWithSignature("receiveNoParams()");
+
+        vm.prank(tssAddress);
+        vm.expectRevert(ZeroAddress.selector);
+        gateway.execute(address(0), data);
+    }
+
     function testForwardCallToReceiveNoParamsTogglePause() public {
         vm.prank(tssAddress);
         vm.expectRevert(abi.encodeWithSelector(AccessControlUnauthorizedAccount.selector, tssAddress, PAUSER_ROLE));
@@ -317,6 +325,12 @@ contract GatewayEVMInboundTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IR
         gateway.deposit(destination, amount, address(token));
     }
 
+    function testFailDepositERC20ToCustodyIfReceiverIsZeroAddress() public {
+        uint256 amount = 1;
+        vm.expectRevert("ZeroAddress");
+        gateway.deposit(address(0), amount, address(token));
+    }
+
     function testDepositEthToTss() public {
         uint256 amount = 100_000;
         uint256 tssBalanceBefore = tssAddress.balance;
@@ -336,6 +350,13 @@ contract GatewayEVMInboundTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IR
         gateway.deposit{ value: amount }(destination);
     }
 
+    function testFailDepositEthToTssIfReceiverIsZeroAddress() public {
+        uint256 amount = 1;
+
+        vm.expectRevert("ZeroAddress");
+        gateway.deposit{ value: amount }(address(0));
+    }
+
     function testDepositERC20ToCustodyWithPayload() public {
         uint256 amount = 100_000;
         uint256 custodyBalanceBefore = token.balanceOf(address(custody));
@@ -365,6 +386,15 @@ contract GatewayEVMInboundTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IR
         gateway.depositAndCall(destination, amount, address(token), payload);
     }
 
+    function testFailDepositERC20ToCustodyWithPayloadIfReceiverIsZeroAddress() public {
+        uint256 amount = 1;
+
+        bytes memory payload = abi.encodeWithSignature("hello(address)", destination);
+
+        vm.expectRevert("ZeroAddress");
+        gateway.depositAndCall(address(0), amount, address(token), payload);
+    }
+
     function testDepositEthToTssWithPayload() public {
         uint256 amount = 100_000;
         uint256 tssBalanceBefore = tssAddress.balance;
@@ -386,6 +416,14 @@ contract GatewayEVMInboundTest is Test, IGatewayEVMErrors, IGatewayEVMEvents, IR
         gateway.depositAndCall{ value: amount }(destination, payload);
     }
 
+    function testFailDepositEthToTssWithPayloadIfReceiverIsZeroAddress() public {
+        uint256 amount = 1;
+        bytes memory payload = abi.encodeWithSignature("hello(address)", destination);
+
+        vm.expectRevert("ZeroAddress");
+        gateway.depositAndCall{ value: amount }(address(0), payload);
+    }
+
     function testCallWithPayload() public {
         bytes memory payload = abi.encodeWithSignature("hello(address)", destination);