Beginner FriendlyDeFiFoundry
100 EXP
View results
Submission Details
Severity: high
Valid

Wrong USDC address, leading to loss of funds for the protocol

Summary

The address of zkSync USDC token is wrong, leading to the deployment of the airdrop contract with an invalid token to distribute to the users. Thus, transfer will fail and no user will be able to get their airdrop.

Vulnerability Details

The address provided for the variable s_zkSyncUSDC is not a valid token.
Evidence: https://explorer.zksync.io/address/0x1D17CbCf0D6d143135be902365d2e5E2a16538d4

Impact

The airdrop contract won't be able to distribute any token as it will try to send an invalid token. The protocol looses all its purpose.
Also, the owner will found the contract with USDC and there will be no way to get them out of the contract, resulting in fund losses for the protocol.

Tools Used

Manual review

Recommendations

+ address public s_zkSyncUSDC = 0x1d17CBcF0D6D143135aE902365D2E5e2A16538D4;
- address public s_zkSyncUSDC = 0x1D17CbCf0D6d143135be902365d2e5E2a16538d4;
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

usdc-wrong-address

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.