Submission Details
Severity:
Missing zero address validation
Summary
address should be validated for zero value before assigning to a storage variable.
Vulnerability Details
File: contracts/pipeline/junctions/UnwrapAndSendETH.sol
/// @audit ******************* Issue Detail *******************
UnwrapAndSendETH.constructor(address).wethAddress (contracts/pipeline/junctions/UnwrapAndSendETH.sol#21) lacks a zero-check on :
- WETH = wethAddress (contracts/pipeline/junctions/UnwrapAndSendETH.sol#22)
/// @audit ************** Possible Issue Line(s) **************
L#21, L#22,
/// @audit ****************** Affected Code *******************
21: constructor(address wethAddress) {
22: WETH = wethAddress;
GitHub : 21-21
File: contracts/pipeline/junctions/UnwrapAndSendETH.sol
/// @audit ******************* Issue Detail *******************
UnwrapAndSendETH.unwrapAndSendETH(address).to (contracts/pipeline/junctions/UnwrapAndSendETH.sol#27) lacks a zero-check on :
- (success) = to.call{value: address(this).balance}(new bytes(0)) (contracts/pipeline/junctions/UnwrapAndSendETH.sol#31-33)
/// @audit ************** Possible Issue Line(s) **************
L#27, L#31-33,
/// @audit ****************** Affected Code *******************
27: function unwrapAndSendETH(address to) external {
31: (bool success, ) = to.call{value: address(this).balance}(
32: new bytes(0)
33: );
GitHub : 27-27
Impact
Sending funds to 0 address will result in loss of funds.
Tools Used
Recommendations
Check that the address is not zero.
Updates
Lead Judging Commences
giovannidisiena over 1 year ago
Submission Judgement Published Reason: Too generic
Assigned finding tags:
Informational/Invalid
Prize pool breakdown
Total prize
100,000 USDC
nSLOC
5,77617 USDC / LOC
95,000 USDC
5,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.