Missing zero address check of modifier onlyValidBridge
The 'onlyValidBridge' modifier currently lacks a verification process to confirm that the provided 'bridge' address is not a zero address.
While it may not directly lead to loss of funds or contract takeover like high severity vulnerabilities (e.g., reentrancy, overflow/underflow), it can still cause significant issues such as incorrect contract behavior, potential loss of funds due to incorrect asset management, and unexpected reverts, which can disrupt the normal operation of the contract and potentially lead to financial loss.
Manual
To resolve this issue, you should add a check in the 'onlyValidBridge' modifier to ensure that the 'bridge' address is not a zero address. This can be done by adding a condition that reverts the transaction if the 'bridge' address is equal to the zero address. Here is the updated code:
This will ensure that the 'bridge' address is always a valid Ethereum address and not the zero address, which is typically used to burn tokens or indicate an error.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.