pauliax
Functions claimYield, _withdraw, and _unsponsor should validate that _to is not an empty 0x0 address to prevent accidental burns.
Consider implementing the proposed validation: require _to != address(0)
In this case assets are at risk due to external factors. A zero address check makes sense.
Fixed in https://github.com/sandclock-org/solidity-contracts/pull/85
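A heuristic review aid for the pattern this finding describes, added here as an example; it is not code from the Sandclock repository or from the fix PR. It lists Solidity functions that take an `address _to` parameter but never compare it to `address(0)`. The embedded contract is a constructed sample with hypothetical function bodies and helper calls, and `body_at` and `unchecked_recipients` are names chosen for this sketch.

```python
import re

# Constructed sample, not the Sandclock source: function bodies and the helpers
# they call (_transferYield, _pay, _release) are hypothetical.
SAMPLE = """
contract Vault {
    function claimYield(address _to) external {
        require(_to != address(0), "Vault: destination is 0x");
        _transferYield(_to);
    }
    function _withdraw(address _to, uint256[] memory _ids) internal {
        for (uint256 i = 0; i < _ids.length; i++) { _pay(_to, _ids[i]); }
    }
    function _unsponsor(address _to, uint256[] memory _ids) internal {
        if (_to == address(0)) revert ZeroAddress();
        _release(_to, _ids);
    }
}
"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{")
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def body_at(src, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced input: take the rest

def unchecked_recipients(src, param="_to"):
    """Names of functions that take `address <param>` but never compare it to address(0)."""
    p = re.escape(param)
    takes = re.compile(rf"\baddress\s+(?:payable\s+)?{p}\b")
    guard = re.compile(rf"\b{p}\s*[!=]=\s*address\(\s*0\s*\)|address\(\s*0\s*\)\s*[!=]=\s*{p}\b")
    src = COMMENT_RE.sub("", src)  # comments may mention address(0) or hold braces
    flagged = []
    for m in FUNC_RE.finditer(src):
        name, params = m.group(1), m.group(2)
        if takes.search(params) and not guard.search(body_at(src, m.end() - 1)):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(unchecked_recipients(SAMPLE))
```

The check is textual: it accepts any comparison of `_to` with `address(0)` as a guard and does not follow checks performed in a caller or modifier, so each hit and each pass still needs a reviewer to confirm that the zero address actually reverts.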