Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2023-07-arcade/blob/main/contracts/ARCDVestingVault.sol#L260
There is no zero address check in the delegate() function in ARCDVestingVault contract. This allows address(0) to be able to accumulate VotingPower.
to
Manual review
Add a Non Zero address check to ensure users do not delegate to address(0).
Other
141345 marked the issue as primary issue
User's own input/mistake.
Also no loss, can delegate back
141345 marked the issue as low quality report
0xean marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-arcade/blob/main/contracts/ARCDVestingVault.sol#L260
Vulnerability details
Impact
There is no zero address check in the delegate() function in ARCDVestingVault contract. This allows address(0) to be able to accumulate VotingPower.
Proof of Concept
to
address.Tools Used
Manual review
Recommended Mitigation Steps
Add a Non Zero address check to ensure users do not delegate to address(0).
Assessed type
Other