code-423n4 / 2021-07-spartan-findings

Synth: Can accidentally burn tokens by sending them to zero #159

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The Synth._transfer function does not check if recipient != 0. Unlike standard ERC20, tokens can be accidentally burned this way.

Recommended Mitigation Steps

Prevent user errors by denying transfers to the zero address and forcing them to call burn instead.
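
The missing check and the recommended mitigation, side by side, as an added example that is not part of the original report and is not the Spartan `Synth` source. The contract name, function names, revert strings and compiler pragma are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token for illustration only (not the Spartan Synth contract).
contract SynthTransferSketch {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
        totalSupply = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Pattern described in the finding: the recipient is never checked, so a
    // call with recipient == address(0) credits an unusable account. In this
    // sketch the tokens are lost while totalSupply still counts them.
    function transferUnchecked(address recipient, uint256 amount) external returns (bool) {
        _move(msg.sender, recipient, amount);
        return true;
    }

    // Mitigated form: transfers to address(0) revert, so removing tokens from
    // circulation has to go through burn().
    function transfer(address recipient, uint256 amount) external returns (bool) {
        require(recipient != address(0), "!recipient");
        _move(msg.sender, recipient, amount);
        return true;
    }

    // Explicit burn path: reduces both the caller's balance and totalSupply.
    function burn(uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "!balance");
        balanceOf[msg.sender] -= amount;
        totalSupply -= amount;
        emit Transfer(msg.sender, address(0), amount);
    }

    // Shared balance update used by both transfer variants.
    function _move(address from, address to, uint256 amount) private {
        require(balanceOf[from] >= amount, "!balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```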

verifyfirst commented 3 years ago

Don't send synths to a zero address

SamusElderg commented 3 years ago

No harm in adding these checks IMO, will look into it

ghoul-sol commented 3 years ago

Best practice, non-critical.