20,000 USDC
Submission Details
Severity: low
Valid

Missing address 0 validation in setFeeReceiver function

Summary

The setFeeReceiver function allows the feeReceiver to be set to address 0 (the Ethereum burn address). This could result in a loss of funds, as any fees intended for the designated feeReceiver would be irrecoverably sent to the burn address.

Vulnerability Details

The setFeeReceiver function allows the contract owner to set the address of the fee receiver. However, it lacks a validation check, so nothing prevents the feeReceiver from being set to address 0.

Impact

If the feeReceiver is set to address 0, any fees collected by the smart contract would be permanently lost. This could have severe financial consequences for the contract users and the contract owner.

Tools Used

Manual code review

Recommendations

Add a validation check in the setFeeReceiver function to prevent setting the feeReceiver to address 0. This can be achieved by adding the following require statement at the beginning of the function:

require(_feeReceiver != address(0), "Fee receiver cannot be the zero address");
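
The recommended check in context, as an added example that is not the audited project's code. The contract name, the owner handling, the FeeReceiverUpdated event and the constructor check are assumptions made for illustration; the unchecked setter is kept beside the fixed one for comparison.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration. Contract name, owner handling and event are assumptions,
/// not taken from the audited code base.
contract FeeConfigExample {
    address public immutable owner;
    address public feeReceiver;

    // Hypothetical event so off-chain monitoring can see every receiver change.
    event FeeReceiverUpdated(address indexed previousReceiver, address indexed newReceiver);

    modifier onlyOwner() {
        require(msg.sender == owner, "Caller is not the owner");
        _;
    }

    constructor(address _feeReceiver) {
        // Same check at deployment, so the initial value cannot be zero either.
        require(_feeReceiver != address(0), "Fee receiver cannot be the zero address");
        owner = msg.sender;
        feeReceiver = _feeReceiver;
    }

    // Pattern described in the finding: any address, including address(0), is accepted.
    function setFeeReceiverUnchecked(address _feeReceiver) external onlyOwner {
        feeReceiver = _feeReceiver;
    }

    // Recommended form: reject address(0) before storage is modified.
    function setFeeReceiver(address _feeReceiver) external onlyOwner {
        require(_feeReceiver != address(0), "Fee receiver cannot be the zero address");
        emit FeeReceiverUpdated(feeReceiver, _feeReceiver);
        feeReceiver = _feeReceiver;
    }
}
```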
