20,000 USDC
Submission Details
Severity: low
Valid

Missing zero address validations

Summary

Missing zero-address validation was detected in the smart contracts Fees.sol, Lender.sol and Beedle.sol.

Vulnerability Details

In Fees.sol, the constructor parameters _weth and _staking are not checked against the zero address, and neither is the _feeReceiver parameter of the setFeeReceiver function in Lender.sol. The mint function in Beedle.sol likewise does not check whether the to address is the zero address (0x0).

Impact

It is good practice to check that input addresses are not the zero address. The zero address is often used as a default value in Solidity, and tokens sent to it are effectively burned, as they cannot be recovered.
Minting tokens to the zero address likewise effectively destroys them. Consider adding a requirement to prevent this.

Tools Used

Manual review

Recommendations

Add require checks to validate the address parameters in the constructor in Fees.sol, in the setFeeReceiver function in Lender.sol and in the mint function in Beedle.sol:

// Fees.sol
constructor(address _weth, address _staking) {
    require(_weth != address(0), "WETH address cannot be 0");
    require(_staking != address(0), "Staking address cannot be 0");
    WETH = _weth;
    staking = _staking;
}

// Lender.sol
function setFeeReceiver(address _feeReceiver) external onlyOwner {
    // Validate the incoming parameter, not the current state variable
    require(_feeReceiver != address(0), "Fee receiver address cannot be 0");
    feeReceiver = _feeReceiver;
}

// Beedle.sol
function mint(address to, uint256 amount) external onlyOwner {
    require(to != address(0), "to address cannot be 0");
    _mint(to, amount);
}
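
A review aid for this class of finding, added here as an example and not part of the original submission or the audited project: a text heuristic that lists address parameters never compared against address(0) in the function body. The SAMPLE contract and the helper names are constructed for illustration; SAMPLE includes a check that tests a state variable instead of the parameter, which the heuristic still reports.

```python
import re

# Constructed sample (not the audited contracts' real source): one checked
# parameter, one unchecked, and one check that tests the wrong identifier.
SAMPLE = '''
contract Demo {
    address public feeReceiver;
    address public staking;
    constructor(address _weth, address _staking) {
        require(_weth != address(0), "WETH address cannot be 0");
        staking = _staking;
    }
    function setFeeReceiver(address _feeReceiver) external {
        require(feeReceiver != address(0), "Fee receiver address cannot be 0");
        feeReceiver = _feeReceiver;
    }
    function mint(address to, uint256 amount) external {
        require(to != address(0), "to address cannot be 0");
    }
}
'''

# Matches a constructor or function header up to its opening brace.
HEADER = re.compile(r'\b(constructor|function\s+(\w+))\s*\(([^)]*)\)[^{;]*\{')

def body_after(src, start):
    """Return the brace-balanced body whose opening brace ends just before start."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def unchecked_address_params(src):
    """Return (function, parameter) pairs never compared against address(0)."""
    findings = []
    for m in HEADER.finditer(src):
        name, body = m.group(2) or 'constructor', body_after(src, m.end())
        for param in m.group(3).split(','):
            words = param.split()
            if len(words) < 2 or words[0] != 'address':
                continue  # not a named address parameter
            ident = re.escape(words[-1])
            check = re.compile(r'(?<![\w.])%s\s*[!=]=\s*address\(0\)'
                               r'|address\(0\)\s*[!=]=\s*%s(?!\w)' % (ident, ident))
            if not check.search(body):
                findings.append((name, words[-1]))
    return findings
```

The heuristic does not strip comments or string literals and does not follow checks performed in modifiers or internal helpers, so treat its output as candidates for manual review.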
