Loss of users' funds, due to minting to the zero address
Lines of code
https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/TwabController.sol#L457
Vulnerability details
Impact
Loss of users' funds, due to minting to the zero address
Proof of Concepts
The mint function in the TwabController.sol contract does not check whether the recipient address is the zero address. If a user mistakenly calls the mint function without specifying the recipient, shares can be minted to address zero, which leads to loss of funds for the user.
Tools Used
Manual review
Recommended Mitigation Steps
Add a check so that any mint to address(0) reverts.
Assessed type
Token-Transfer
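
The recommended mitigation, sketched as an added example that is not code from TwabController or from this report. The contract name, storage layout, error name and function names are assumptions made for illustration; the unguarded and guarded mint paths sit side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical minimal share ledger, constructed for illustration.
/// It is not TwabController; all names and the layout are assumptions.
contract ShareLedgerExample {
    /// Thrown when a mint targets address(0).
    error MintToZeroAddress();

    // caller (for example a vault) => recipient => share balance
    mapping(address => mapping(address => uint96)) public balanceOf;
    // caller => total shares minted through it
    mapping(address => uint96) public totalSupply;

    event Minted(address indexed caller, address indexed to, uint96 amount);

    /// Unguarded form: an omitted or default-initialized `to` credits
    /// address(0), an account nobody controls, while supply still grows.
    function mintUnchecked(address to, uint96 amount) external {
        _credit(msg.sender, to, amount);
    }

    /// Guarded form: reject the zero address before any state changes,
    /// so the whole call reverts and no balance or supply is updated.
    function mint(address to, uint96 amount) external {
        if (to == address(0)) revert MintToZeroAddress();
        _credit(msg.sender, to, amount);
    }

    /// Shared bookkeeping used by both paths.
    function _credit(address caller, address to, uint96 amount) private {
        balanceOf[caller][to] += amount;
        totalSupply[caller] += amount;
        emit Minted(caller, to, amount);
    }
}
```

A unit test for the guarded path would call mint with address(0) and expect the MintToZeroAddress revert, then confirm that balanceOf and totalSupply are unchanged.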