When distributing tokens to winners the address of the winner is not checked to be non zero which could result in sending tokens to the 0 address if the token allows for transfers to the 0 address.
Impact
If a 0 address in the winners array was a mistake then the organizer could lose funds unnecessarily.
Tools Used
Manual
Recommendations
Check that the address of the winner is not 0 before transferring tokens and revert if it is.
Allowed to distribute to winner with 0 address
Severity
High Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/Distributor.sol#L145-L151
Summary
Possible fund loss if winner == address(0).
Vulnerability Details
When distributing tokens to winners the address of the winner is not checked to be non zero which could result in sending tokens to the 0 address if the token allows for transfers to the 0 address.
Impact
If a 0 address in the winners array was a mistake then the organizer could lose funds unnecessarily.
Tools Used
Manual
Recommendations
Check that the address of the winner is not 0 before transferring tokens and revert if it is.