search

code-423n4 / 2021-09-sushitrident-findings

0 stars 0 forks source link

lack of input validation in Transfer() and TransferFrom() #153

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

JMukesh

Vulnerability details

Impact

There is no input validation of address in transfer() and transferFrom() in tridentErc20.sol due to which it , token can be send to the address(0)

Proof of Concept

https://github.com/sushiswap/trident/blob/ccd64a53f361ad06087c34bfa3a206afb7230f1c/contracts/pool/TridentERC20.sol#L67

https://github.com/sushiswap/trident/blob/ccd64a53f361ad06087c34bfa3a206afb7230f1c/contracts/pool/TridentERC20.sol#L83

Tools Used

manual review

Recommended Mitigation Steps

add input validation for the address in transfer() and transferFrom()

maxsam4 commented 2 years ago

Validation was removed for gas efficiency.