Ithil-protocol · OxMarco · Jan 3, 2024 · Jan 3, 2024
diff --git a/src/Vault.sol b/src/Vault.sol
@@ -75,6 +75,7 @@ contract Vault is IVault, ERC4626, ERC20Permit {
 
     function sweep(address to, address token) external onlyOwner {
         assert(token != asset());
+        assert(to != address(0));
 
         IERC20 spuriousToken = IERC20(token);
         uint256 amount = spuriousToken.balanceOf(address(this));

diff --git a/src/services/Service.sol b/src/services/Service.sol
@@ -23,6 +23,7 @@ abstract contract Service is IService, ERC721Enumerable, Ownable {
         address _manager,
         uint256 _deadline
     ) ERC721(_name, _symbol) {
+        assert(_manager != address(0));
         manager = IManager(_manager);
         locked = false;
         id = 0;

diff --git a/src/services/credit/CallOption.sol b/src/services/credit/CallOption.sol
@@ -79,6 +79,9 @@ contract CallOption is CreditService {
         if (_ithil == address(0)) revert InvalidParams();
         if (_initialPrice == 0) revert InvalidParams();
         if (_underlying == address(0)) revert InvalidParams();
+        if (_minLoan == 0) revert InvalidParams();
+        if (_halvingTime == 0) revert InvalidParams();
+        if (_tenorDuration == 0) revert InvalidParams();
 
         initialPrice = _initialPrice;
         underlying = IERC20(_underlying);
@@ -89,6 +92,7 @@ contract CallOption is CreditService {
         vestingTime = _initialVesting + block.timestamp;
 
         _vaultAddress = manager.vaults(_underlying);
+        if (_vaultAddress == address(0)) revert InvalidParams();
         // approve vault to spend underlying token for deposits
         // technically, it should be re-approved if the total volume exceeds 2^256
         // in practice, this event never happens, and in case just redeploy the service