20,000 USDC
Submission Details
Severity: low
Valid

Missing zero address check for Fees.sol incurs loss of profits

Summary

The addresses provided to the constructor are missing zero address checks for both contracts. This can result in loss of profits if the staking address is the zero address, and/or unexpected behavior when attempting to use the contract. It would additionally require a re-deployment, because no functions exist to change the addresses afterwards.

Vulnerability Details

A missing zero address check in the constructor can result in the contract not working correctly. Because no functions are available to set either of the addresses after deployment, fixing this would require a re-deployment of the contract with the correct contract address.

Also, if the staking address provided is the zero address, when the sellProfits() function is called, the profits would be transferred to the zero address and lost.

NOTE

The contract is not currently used by any other available contracts, but this could become an issue if it is used in the future or if it is used by other contracts not shared as part of the audit.

Impact

Loss of profits to the zero address (staking), re-deployment of the contract required as there are no functions to change the addresses after deployment, and/or unexpected contract behaviour.

Tools Used

Manual review

Recommendations

Implement a zero address check using the require function and the != (inequality) operator with address(0).

    constructor(address _weth, address _staking) {
        require(_weth != address(0), "Invalid WETH address");
        require(_staking != address(0), "Invalid staking address");
        WETH = _weth;
        staking = _staking;
    }
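
A regression test for the recommended constructor, written as a Foundry test. This is an added example, not code from the audited repository or from the submission. It assumes the contract is named Fees, that it is importable from ../src/Fees.sol, that the constructor does nothing beyond the checks and assignments shown above, and that the revert strings match the recommendation; the two test addresses are constructed placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";
// Assumed contract name and import path; adjust to the audited repo layout.
import {Fees} from "../src/Fees.sol";

contract FeesConstructorTest is Test {
    // Constructed placeholder addresses, not real deployments.
    address internal constant WETH_ADDR = address(0xBEEF);
    address internal constant STAKING_ADDR = address(0xCAFE);

    // A zero WETH address must abort deployment.
    function test_RevertWhen_WethIsZero() public {
        vm.expectRevert(bytes("Invalid WETH address"));
        new Fees(address(0), STAKING_ADDR);
    }

    // A zero staking address must abort deployment, so sellProfits()
    // can never send profits to address(0).
    function test_RevertWhen_StakingIsZero() public {
        vm.expectRevert(bytes("Invalid staking address"));
        new Fees(WETH_ADDR, address(0));
    }

    // With both arguments zero, the WETH check runs first and
    // determines the revert reason.
    function test_RevertWhen_BothAreZero() public {
        vm.expectRevert(bytes("Invalid WETH address"));
        new Fees(address(0), address(0));
    }

    // Any pair of non-zero addresses must still deploy, so the added
    // checks do not reject legitimate constructor arguments.
    function testFuzz_DeploysWithNonZeroAddresses(address weth, address stakingAddr) public {
        vm.assume(weth != address(0) && stakingAddr != address(0));
        Fees fees = new Fees(weth, stakingAddr);
        assertTrue(address(fees) != address(0));
    }
}
```

Run against the unpatched contract, the three revert tests fail, which confirms the finding; after the fix is applied, all four pass.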
