Beanstalk Part 1
Beanstalk
DeFiHardhatOracleProxyUpdates
100,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`transferDeposits` has no validation for `recipient` address, can lead to deposits loss

0xtheblackpanther

Summary:

The transferDeposits function in the provided SiloFacet facilitates the transfer of multiple deposits between addresses. However, it lacks a validation check for the recipient address, allowing the possibility of transferring deposits to the zero address. This oversight could lead to the loss of assets for the sender.

Impact:

The absence of a recipient address validation check in the transferDeposits function poses a critical risk. If a user unintentionally or maliciously provides the zero address as the recipient, all deposits from the sender's account may be lost, leading to irreversible consequences. This could result in financial losses for users and undermine the security and reliability of the protocol.

Recommendations:

Recipient Address Validation:
Implement a check within the transferDeposits function to ensure that the recipient address is not the zero address. This will prevent the accidental or intentional transfer of deposits to an invalid or unrecoverable destination.

require(recipient != address(0), "Silo: Invalid recipient address (zero address)");
Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.