We have taken a design decision to save gas by not checking for such cases. It is the user's fault if they send it to the address(0).
I agree with the sponsor, checking of input data should happen off-chain except when it impacts the data integrity of the smart contracts themselves. Any user willing to bypass official frontends should be aware of the risks of doing so. It's not 2016 anymore.
Handle
pauliax
Vulnerability details
Impact
In TridentNFT, consider preventing the functions transfer and transferFrom when the recipient is the empty (0x0) address. This essentially means a burn action and I think it would be better to expose a separate function for that so that accidents of unintentional burning can be avoided (e.g. ERC20 transfers usually prevent empty sender/recipient). You could also consider adding extra events for Mint/Burn actions. A similar issue was assigned a score of low in a previous contest: https://github.com/code-423n4/2021-07-sherlock-findings/issues/29
Recommended Mitigation Steps
Consider preventing transfers to 0x0.
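The mitigation suggested above, sketched as an added example (not TridentNFT's code and not part of the original issue): a minimal, hypothetical ownership ledger in which `transferFrom` rejects the zero address and destruction goes through an explicit `burn`. The contract name, revert strings, the `Mint`/`Burn` event names and the unrestricted `mint` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: a hypothetical minimal ledger, not TridentNFT.
contract GuardedNFTSketch {
    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
    event Mint(address indexed to, uint256 indexed tokenId);
    event Burn(address indexed from, uint256 indexed tokenId);

    mapping(uint256 => address) public ownerOf;
    mapping(address => uint256) public balanceOf;
    mapping(uint256 => address) public getApproved;

    function approve(address spender, uint256 tokenId) external {
        require(msg.sender == ownerOf[tokenId], "NOT_OWNER");
        getApproved[tokenId] = spender;
    }

    function transferFrom(address from, address to, uint256 tokenId) external {
        require(from == ownerOf[tokenId], "WRONG_FROM");
        require(msg.sender == from || msg.sender == getApproved[tokenId], "NOT_AUTHORIZED");
        // The check under discussion: a single comparison that rejects accidental burns.
        require(to != address(0), "ZERO_RECIPIENT");
        _move(from, to, tokenId);
    }

    // Destroying a token is an explicit, separately named action with its own event.
    function burn(uint256 tokenId) external {
        address owner = ownerOf[tokenId];
        require(msg.sender == owner, "NOT_OWNER"); // also fails for unminted ids
        _move(owner, address(0), tokenId);
        emit Burn(owner, tokenId);
    }

    // Hypothetical unrestricted mint, present only so the sketch can be exercised.
    function mint(address to, uint256 tokenId) external {
        require(to != address(0), "ZERO_RECIPIENT");
        require(ownerOf[tokenId] == address(0), "ALREADY_MINTED");
        _move(address(0), to, tokenId);
        emit Mint(to, tokenId);
    }

    function _move(address from, address to, uint256 tokenId) private {
        if (from != address(0)) balanceOf[from]--;
        if (to != address(0)) balanceOf[to]++;
        ownerOf[tokenId] = to;
        delete getApproved[tokenId];
        emit Transfer(from, to, tokenId);
    }
}
```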