POB - POB - Lost funds in the `AmirX::_buyBack` function when `DefiSwap.defiSafe` is set to `address(0)`

[sherlock-admin2]

POB

Medium

POB - Lost funds in the AmirX::_buyBack function when DefiSwap.defiSafe is set to address(0)

Summary

BuyBack can result in lost funds if DefiSwap.defiSafe is not set. There is no check in the AmirX::_verifyDefiSwap function to ensure that DefiSwap.defiSafe is not the zero address. In the BuyBack function, if feeToken is POL and there is still POL remaining in the contract after the swap (address(this).balance > 0), the remaining POL will be sent to the zero address.

Root Cause

In AmirX::_verifyDefiSwap function there is no check to ensure that DefiSwap.defiSafe is not the zero address.

Internal pre-conditions

1. DefiSwap.defiSafe should be set to the zero address.
2. address(feeToken) == POL.
3. After the aggregator call (bool polSwap,) = aggregator.call{value: msg.value}(swapData);, there should be remaining POL (address(this).balance > 0)

Impact

The bug in the BuyBack function causes any remaining POL after the swap to be sent to the zero address, resulting in lost funds.

Mitigation

Add a condition in the AmirX::_verifyDefiSwap function to check if a non-zero DefiSwap.defiSafe address is provided.