search

sherlock-audit / 2022-10-merit-circle-judging

1 stars 0 forks source link

carlitox477 - BasePool#claimRewards allows users to burn rewards #28

Closed sherlock-admin closed 2 years ago

sherlock-admin commented 2 years ago

carlitox477

medium

BasePool#claimRewards allows users to burn rewards

Summary

This can be done by setting _receiver=address(0) leading to lost of users rewards

Vulnerability Detail

Calling claimRewards(address(0)) will allow msg.sender to burn their rewards.

Impact

Allows users to burn their rewards

Code Snippet

Tool used

Manual Review

Recommendation

Add next require statement at the start of function claimRewards: require(_receiver != address(0))