code-423n4 / 2023-01-numoen-findings


Unchecked that address to is not 0 #282

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Pair.sol#L116

Vulnerability details

Impact

Sanity checks checking that funds are not going to the burn address should be done. In this case, in the function swap, funds will not burn because you have to return the flashloan, but the check should be made.

Tools Used

manual

Recommended Mitigation Steps

Add a require statement:

require(to != address(0));

berndartmueller commented 1 year ago

Providing address(0) as the to parameter is considered a user error. Closing as overinflated severity.

c4-judge commented 1 year ago

berndartmueller marked the issue as unsatisfactory: Overinflated severity