Detailed description of the impact of this finding.
The function _delegateTier alllows one to change to a new delegate for a tier. However, there is no zero address check for the new delegate or validity check for the address (input error).
Introduce a zero address check, and in the long run, one needs to introduce a two-step process to transfer delegate, the owner proposes the new delegate, and the new delegate needs to accept it via a function to complete the assignment of the new delegate for a tier.
Lines of code
https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JB721TieredGovernance.sol#L211
Vulnerability details
Impact
Detailed description of the impact of this finding. The function _delegateTier alllows one to change to a new delegate for a tier. However, there is no zero address check for the new delegate or validity check for the address (input error).
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JB721TieredGovernance.sol#L211
Tools Used
Manual
Recommended Mitigation Steps
Introduce a zero address check, and in the long run, one needs to introduce a two-step process to transfer delegate, the owner proposes the new delegate, and the new delegate needs to accept it via a function to complete the assignment of the new delegate for a tier.