Check _to is not empty

[code423n4]

Handle

pauliax

Vulnerability details

Impact

functions claimYield, _withdraw, and _unsponsor should validate that _to is not an empty 0x0 address to prevent accidental burns.

Recommended Mitigation Steps

Consider implementing the proposed validation: require _to != address(0)

[dmvt]

In this case assets are at risk due to external factors. A zero address check makes sense.

[naps62]

Fixed in https://github.com/sandclock-org/solidity-contracts/pull/85