0xstormtrooper
commented
2 years ago If private keys are discovered for used burn address
This logic also applies to zero address
Closed code423n4 closed 2 years ago
0xstormtrooper
commented
2 years ago If private keys are discovered for used burn address
This logic also applies to zero address
alcueca
commented
2 years ago Dispute accepted.
Handle
hack3r-0m
Vulnerability details
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/shared/ProtocolConstants.sol#L51
This burn address is used at several places which are different from the standard null address. However, contract checks for address validation for null address for operations. If private keys are discovered for used burn address or potentially future deployment of contract which can take advantage can lead to loss of funds.
add checks for burn address on transfers or change burn address to zero.