Closed sherlock-admin closed 6 months ago
dian.ivanov
medium
GSPFunding's buyShares function allows to buy shares for address(0)
if someone accidentially calls buyShares with to = address(0), the assets will be trasferred to unused address, hence they will be locked.
Can lead to locked assets in the address(0)
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/af43d39f6a89e5084843e196fc0185abffe6304d/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPFunding.sol#L31
Manual Review
Add a check to not allow to == address(0)
Duplicate of #41
dian.ivanov
medium
buyShares allows to = address(0)
dian.ivanov
medium
Summary
GSPFunding's buyShares function allows to buy shares for address(0)
Vulnerability Detail
if someone accidentially calls buyShares with to = address(0), the assets will be trasferred to unused address, hence they will be locked.
Impact
Can lead to locked assets in the address(0)
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/af43d39f6a89e5084843e196fc0185abffe6304d/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPFunding.sol#L31
Tool used
Manual Review
Recommendation
Add a check to not allow to == address(0)
Duplicate of #41