code-423n4 / 2021-07-spartan-findings


Pool: Can accidentally burn tokens by sending them to zero #158

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details


The Pool._transfer function does not check if recipient != 0. Unlike standard ERC20, tokens can be accidentally burned this way.

Recommended Mitigation Steps

Prevent user errors by denying transfers to the zero address and forcing them to call burn instead.

ghoul-sol commented 3 years ago

This is best practice, non-critical.