Closed code423n4 closed 3 years ago
Duplicate #16
Recommended fix has been implemented.
Closing as this is a duplicate.
Handle
shw
Vulnerability details
Impact
The doTransferOut functions in both the CErc20 and CEther contracts do not check whether the recipient (address payable to) is non-zero, which could cause loss of funds if funds are accidentally sent to the zero address.
Proof of Concept
Referenced code: CEther.sol#L145-L148 CErc20.sol#L180-L199
Tools Used
None
Recommended Mitigation Steps
Add checks require(to != address(0)) at the beginning of the doTransferOut functions.