code-423n4 / 2021-10-tally-findings


Lack of input validation for address array #45

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

JMukesh

Vulnerability details

Impact

There is no check of the address array in swapfees(); it may contain a duplicate address or the zero address, due to which the function may fail.

Proof of Concept

https://github.com/code-423n4/2021-10-tally/blob/c585c214edb58486e0564cb53d87e4831959c08b/contracts/swap/Swap.sol#L243

Tools Used

manual review

Recommended Mitigation Steps

Check the array before using it in the loop.

Shadowfiend commented 2 years ago

Duplicate of #81.

0xean commented 2 years ago

In some ways this is a dupe of #81, and in some ways it's just not reasonable to check for duplicates on chain; it would be best done off chain. Leaving as a dupe of #81.
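
An off-chain pre-flight check of the kind suggested in the last comment could look like the following. This is an added example, not code from the Tally repository or from the commenters; the function name `validateAddressArray` and the sample addresses are constructed for illustration.

```javascript
// Added example: off-chain validation of an address array before it is
// passed to a contract call. Addresses are compared lowercased, because
// mixed-case (EIP-55 checksummed) and lowercase forms of one address
// would otherwise be treated as different strings.
const ZERO_ADDRESS = "0x" + "0".repeat(40);
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Returns { ok, unique, problems }: `unique` holds the first occurrence of
// each valid address (lowercased); `problems` lists every rejected entry.
function validateAddressArray(addresses) {
  const seen = new Map(); // lowercased address -> index of first occurrence
  const problems = [];
  addresses.forEach((addr, index) => {
    if (typeof addr !== "string" || !ADDRESS_RE.test(addr)) {
      problems.push({ index, value: addr, reason: "malformed" });
      return;
    }
    const key = addr.toLowerCase();
    if (key === ZERO_ADDRESS) {
      problems.push({ index, value: addr, reason: "zero address" });
    } else if (seen.has(key)) {
      problems.push({ index, value: addr, reason: `duplicate of index ${seen.get(key)}` });
    } else {
      seen.set(key, index);
    }
  });
  return { ok: problems.length === 0, unique: [...seen.keys()], problems };
}

// Constructed sample input (not real token addresses).
const sample = [
  "0x00000000000000000000000000000000000000AA",
  "0x00000000000000000000000000000000000000aa", // same address, different casing
  "0x0000000000000000000000000000000000000000", // zero address
  "0x00000000000000000000000000000000000000bb",
  "0x1234",                                     // too short
];
const report = validateAddressArray(sample);
console.log(JSON.stringify(report, null, 2));
```

A caller would submit the transaction only when `ok` is true, or pass `unique` instead of the raw list.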