code-423n4 / 2022-01-insure-findings

Validate _to is not empty #314

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

_withdrawAttribution should validate that _to is not an empty address 0x0 to prevent accidental burns. Similarly, transferValue _destination param and withdrawValue _to param should also be checked against an empty address unless this is the intended functionality in some cases.

Recommended Mitigation Steps

require(_to != address(0));

oishun1112 commented 2 years ago

validate