Moonwell

Moonwell
DeFiFoundry
15,000 USDC
View results
Submission Details
Severity: medium
Invalid

Missing Zero Address check in `sweepAll()` function of `MErc20DelegateMadFixer.sol` Contract

Summary

Missing Zero Address check may lead to lost of All tokens .

Vulnerability Details

function sweepAll(address sweeper) external {
/// @dev checks
require(msg.sender == admin, "only admin may sweep all");
EIP20Interface token = EIP20Interface(underlying);
/// @dev take it, take it all
bool success = token.transfer(sweeper, token.balanceOf(address(this)));
require(success, "token sweep failed");
}

Impact

Medium

Tools Used

Manual Review

Recommendations

+ require(sweeper != address(0) , "zero address not allowed");
Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.