20,000 USDC
Submission Details
Severity: low
Valid

Lack of Zero-Address Check

Summary

The function setFeeReceiver does not prevent the owner from setting the _feeReceiver as the zero address. This could result in a loss of fees, as once the zero address is set as the feeReceiver, any fees transferred would be irrecoverable.

Vulnerability Details

The setFeeReceiver function, which is used to update the feeReceiver address, does not have a check to prevent the new feeReceiver from being the zero address. If the zero address is mistakenly or maliciously set as the feeReceiver, all subsequent transfers of fees to this address would be irrecoverable, effectively being burned.

Impact

If the zero address is set as the feeReceiver, any fees sent to the zero address are irrecoverable and effectively destroyed. This can result in a loss of income from fees.

Tools Used

Manual review of the smart contract code.

Recommendations

When updating the feeReceiver address, add a require statement to ensure that the new address is not the zero address. Here's an example of how you can add this check:

function setFeeReceiver(address _newFeeReceiver) external onlyOwner {
    require(_newFeeReceiver != address(0), "Fee receiver cannot be the zero address");
    feeReceiver = _newFeeReceiver;
}
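
The same manual-review check can be automated as a rough lint over Solidity source. The script below is an added example, not part of the original submission or the audited project: the sample contract is constructed, the unchecked setter's exact shape is an assumption, and the regex matching is a heuristic rather than a real Solidity parser.

```python
import re

# Constructed sample, not the audited contract: an unchecked setter of the shape
# the finding describes (assumed), next to the recommended checked form.
SAMPLE = """
contract Fees {
    address public feeReceiver;
    function setFeeReceiver(address _feeReceiver) external onlyOwner {
        feeReceiver = _feeReceiver;
    }
    function setFeeReceiverChecked(address _newFeeReceiver) external onlyOwner {
        require(_newFeeReceiver != address(0), "Fee receiver cannot be the zero address");
        feeReceiver = _newFeeReceiver;
    }
}
"""
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{")

def function_body(src, open_idx):
    """Text between the '{' at open_idx and its matching '}' (naive brace count)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def address_params(param_list):
    """Names of parameters whose declared type starts with 'address'."""
    decls = (p.split() for p in param_list.split(","))
    return [d[-1] for d in decls if len(d) >= 2 and d[0] == "address"]

def missing_zero_checks(src):
    """(function, param) pairs: address param stored, never compared to address(0)."""
    findings = []
    for m in FUNC_RE.finditer(src):
        body = function_body(src, m.end() - 1)
        for name in address_params(m.group(2)):
            n = re.escape(name)
            stored = re.search(rf"\b\w+\s*=\s*{n}\s*;", body)
            checked = re.search(
                rf"\b{n}\s*[!=]=\s*address\(0\)|address\(0\)\s*[!=]=\s*{n}\b", body)
            if stored and not checked:
                findings.append((m.group(1), name))
    return findings

if __name__ == "__main__":
    for fn, param in missing_zero_checks(SAMPLE):
        print(f"{fn}: address parameter {param} is stored without a zero-address check")
```

Only the unchecked setter in the sample is reported; the version with the require statement passes.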
