stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Valid

No validation for `_amount` in migrate function

Summary

In the `SDLPoolPrimary` contract, the `migrate` function lacks a validation check for the `_amount` parameter. When `_amount` is zero, indicating that no SDL tokens are being staked or migrated, a lock with zero value is created. This could lead to unintended consequences, as creating locks with zero value may not align with the intended behavior of the contract. Implementing a check for non-zero values in `_amount` is recommended to prevent the creation of zero-value locks during migration.

Vulnerability Details

In the `migrate` function, there is no explicit check for zero values in the `_amount` parameter. Consequently, when zero is passed as the `_amount` during migration, a lock with zero value is created. While this does not cause a revert, it might lead to unintended consequences, such as the creation of zero-value locks and potential resource allocation for these locks.

Impact

Allowing zero values in the `_amount` parameter during migration can lead to the creation of zero-value locks, posing risks such as unnecessary gas costs, increased complexity in auditing and contract comprehension, and potential resource allocation for zero-value locks.

Tools Used

Manual review

Recommendations

Implement a check at the beginning of the `migrate` function to ensure that `_amount` is greater than zero. This can prevent the creation of zero-value locks.

```solidity
if (_amount == 0) revert NonZeroAmountRequired();
```

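
The recommended check in context, as an added example that is not part of the original submission or the stake.link code base. It is a simplified, hypothetical lock-pool model showing that an unchecked zero `_amount` still consumes a lock ID and writes storage; `LockPoolModel`, `migrateUnchecked`, `migrateChecked`, `_createLock`, the `migrator` role and `SenderNotAuthorized` are assumptions, and token transfers are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

/// Simplified, hypothetical model of a lock pool. Not the SDLPoolPrimary source.
contract LockPoolModel {
    struct Lock {
        uint256 amount;
        uint64 startTime;
        uint64 duration;
    }

    error NonZeroAmountRequired(); // error name taken from the recommendation
    error SenderNotAuthorized();   // assumed access-control error

    address public immutable migrator; // assumed: the only caller allowed to migrate
    uint256 public lastLockId;
    mapping(uint256 => Lock) public locks;
    mapping(uint256 => address) public lockOwners;
    mapping(address => uint256) public lockCount;

    constructor(address _migrator) {
        migrator = _migrator;
    }

    /// "Before": a zero _amount passes through, so an empty lock is minted.
    function migrateUnchecked(address _sender, uint256 _amount, uint64 _lockingDuration)
        external returns (uint256)
    {
        if (msg.sender != migrator) revert SenderNotAuthorized();
        return _createLock(_sender, _amount, _lockingDuration);
    }

    /// "After": zero is rejected before any state is touched.
    function migrateChecked(address _sender, uint256 _amount, uint64 _lockingDuration)
        external returns (uint256)
    {
        if (msg.sender != migrator) revert SenderNotAuthorized();
        if (_amount == 0) revert NonZeroAmountRequired();
        return _createLock(_sender, _amount, _lockingDuration);
    }

    /// Every call advances lastLockId and writes three storage slots,
    /// regardless of whether the lock holds any value.
    function _createLock(address _owner, uint256 _amount, uint64 _duration)
        private returns (uint256 lockId)
    {
        lockId = ++lastLockId;
        locks[lockId] = Lock(_amount, uint64(block.timestamp), _duration);
        lockOwners[lockId] = _owner;
        lockCount[_owner] += 1;
    }
}
```
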
Updates

Lead Judging Commences

0kage Lead Judge
over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

zero amount chk

Missing zero amt check in migrate()
