The code lacks a critical check for an invalid recipient (address(0)) when transferring tokens within the TRANSFER_TAKE_FROM() function. This absence of validation may result in unintended behavior or potential vulnerabilities. The provided proof of concept demonstrates the suggested modification to mitigate the issue.
Failure to check for an invalid recipient during token transfers poses a significant risk. If the to address is address(0), the contract should revert to prevent tokens from being transferred to an invalid or nonexistent recipient. The vulnerability could lead to loss of tokens or unexpected contract behavior.
Manual code analysis
To address the lack of a check for an invalid recipient, the following recommendation is provided:
Invalid Recipient Check:
Insert a check to verify whether the to address is address(0) within the existing code. If the condition is met, revert the transaction with an "INVALID_RECIPIENT" error.
This modification ensures that the contract correctly handles scenarios where the recipient address is address(0).
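The following Solidity contract is an added illustration of the recommendation and is not the audited project's code. Only the function name TRANSFER_TAKE_FROM comes from the finding; the contract, its storage layout, the (from, to, amount) signature and the allowance handling are assumptions made so that the unchecked and the hardened version can be shown side by side. The TakeFromCheck contract at the end exercises both variants without any test framework: the unchecked variant credits tokens to address(0), where nobody can ever move them again, while the hardened variant reverts with the "INVALID_RECIPIENT" reason before any state changes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC20-like token written for this example. The storage layout and
/// the TRANSFER_TAKE_FROM signature are assumptions, not the project's code.
contract TakeFromExample {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 amount);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    /// Unchecked form (the pattern the finding describes): the recipient is
    /// never validated, so a call with `to == address(0)` debits `from` and
    /// credits the zero address, which no key controls. The tokens are lost.
    function TRANSFER_TAKE_FROM_unchecked(address from, address to, uint256 amount) external {
        uint256 allowed = allowance[from][msg.sender];
        if (allowed != type(uint256).max) {
            allowance[from][msg.sender] = allowed - amount; // underflow reverts in 0.8+
        }
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }

    /// Hardened form with the recommended check: the transaction reverts with
    /// "INVALID_RECIPIENT" before the allowance or any balance is touched.
    function TRANSFER_TAKE_FROM(address from, address to, uint256 amount) external {
        require(to != address(0), "INVALID_RECIPIENT");
        uint256 allowed = allowance[from][msg.sender];
        if (allowed != type(uint256).max) {
            allowance[from][msg.sender] = allowed - amount;
        }
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }
}

/// Self-contained check: deploys the token, approves itself as spender, then
/// shows the loss with the unchecked variant and the revert with the hardened one.
contract TakeFromCheck {
    function run() external returns (bool hardenedReverts, uint256 lostToZeroAddress) {
        TakeFromExample token = new TakeFromExample(1000);
        token.approve(address(this), 1000);

        // Unchecked: 1 token leaves this contract and sits at address(0) forever.
        token.TRANSFER_TAKE_FROM_unchecked(address(this), address(0), 1);
        lostToZeroAddress = token.balanceOf(address(0)); // 1

        // Hardened: same call must revert with the expected reason string.
        try token.TRANSFER_TAKE_FROM(address(this), address(0), 1) {
            hardenedReverts = false;
        } catch Error(string memory reason) {
            hardenedReverts = keccak256(bytes(reason)) == keccak256("INVALID_RECIPIENT");
        }
    }
}
```

Deploying TakeFromCheck and calling run() returns (true, 1): the hardened function rejected the zero recipient, and the unchecked one had already stranded one token at address(0). Placing the require before the allowance update matters; a check placed after the state writes would still revert and roll them back, but putting it first keeps the failure cheap and makes the invariant obvious to reviewers.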