Lack of Validation for 'bridge' Address in withdrawalFee and unstakeFee Functions".
The code does not perform any checks to validate if the 'bridge' address exists or if it's valid.
It could cause failed transactions and unexpected behavior, which could disrupt the normal operation of the contract and potentially lead to financial loss indirectly.
Manual
For improved security, the code needs to include a function modifier or a require statement to verify the 'bridge' address and its presence in the s.bridge mapping before executing the rest of the function. This step will guarantee operations are performed on valid data only, thus enhancing the contract's resilience.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.