`SwapHandler.swapForTau` should ensure `Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0` first.

Summary

SwapHandler.swapForTau validates swap adapter address. But it doesn’t validate Controller(controller).addressMapper(Constants.FEE_SPLITTER). The protocol fees could be sent to address(0).

Vulnerability Detail

SwapHandler.swapForTau validates swap adapter address at the beginning. But it doesn’t validate the FeeSplitter address. it could send the protocol fees to the address(0). https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/SwapHandler.sol#L94 https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/SwapHandler.sol#L64

    function swapForTau(
        address _yieldTokenAddress,
        uint256 _yieldTokenAmount,
        uint256 _minTauReturned,
        bytes32 _swapAdapterHash,
        uint256 _rewardProportion,
        bytes calldata _swapParams
    ) external onlyKeeper whenNotPaused {
        // Get and validate swap adapter address
        address swapAdapterAddress = SwapAdapterRegistry(controller).swapAdapters(_swapAdapterHash);
        if (swapAdapterAddress == address(0)) {
            // The given hash has not yet been approved as a swap adapter.
            revert unregisteredSwapAdapter();
        }

        …

        // Send protocol fees to FeeSplitter
        IERC20(_yieldTokenAddress).safeTransfer(
            Controller(controller).addressMapper(Constants.FEE_SPLITTER),
            protocolFees
        );

    }

Impact

The protocol fees could be sent to address(0).

Code Snippet

https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/SwapHandler.sol#L94 https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/SwapHandler.sol#L64

Tool used

Manual Review

Recommendation

Add check in SwapHandler.swapForTau to ensure Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0

sherlock-audit / 2023-03-taurus-judging

GimelSec - `SwapHandler.swapForTau` should ensure `Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0` first. #155

`SwapHandler.swapForTau` should ensure `Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0` first.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-03-taurus-judging

GimelSec - `SwapHandler.swapForTau` should ensure `Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0` first. #155

SwapHandler.swapForTau should ensure Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0 first.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

`SwapHandler.swapForTau` should ensure `Controller(controller).addressMapper(Constants.FEE_SPLITTER) != 0` first.