TSender (Cyfrin / DeFiFoundry contest, 15,000 USDC prize pool)

Submission Details
Severity: medium
Status: Invalid

Lack of Validation for Token Contract Address

Summary

The function TSender.sol__airdropERC20 does not validate that tokenAddress points to a deployed ERC20 token contract. If an invalid address is passed, calls to it may fail or behave unexpectedly.

Vulnerability Details

The function TSender.sol__airdropERC20 accepts a parameter tokenAddress, which is supposed to be the address of an ERC20 token contract. The function does not validate that tokenAddress is a valid ERC20 token contract address. This omission can lead to the following issues:

  1. If an invalid, non-contract address is passed, the function will try to interact with an address that does not support the ERC20 interface. This can result in a failed transaction and unexpected behavior.

  2. If the address corresponds to a malicious contract, it might lead to more severe issues.

Impact

Because TSender.sol__airdropERC20 never checks that tokenAddress is a valid ERC20 token contract, a call with an invalid address may fail or produce unexpected behavior.

Recommendations

Add a check to ensure tokenAddress is a valid contract address.

  1. We can use the Address library from OpenZeppelin, which provides a function isContract to check whether an address is a contract.

  2. This check can be performed at the beginning of the TSender.sol__airdropERC20 function to ensure the tokenAddress is indeed a contract.
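The following contract is an added example illustrating the recommended check; it is not TSender's own code, and the function signature (token, recipients, amounts, totalAmount) is an assumption about the airdrop interface rather than something taken from the submission. Two caveats are reflected in it: OpenZeppelin removed Address.isContract in its 5.x releases, so the example reads the address's code size directly (the same check isContract performed), and a code-size check only proves that bytecode exists at the address, not that the contract implements ERC20, so the transfers are routed through SafeERC20, which reverts on a failed or non-standard transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the TSender project's code.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract AirdropWithTokenCheck {
    using SafeERC20 for IERC20;

    error TokenIsNotAContract(address tokenAddress);
    error LengthMismatch(uint256 recipients, uint256 amounts);
    error TotalMismatch(uint256 expected, uint256 actual);

    // Assumed signature: the caller pre-approves totalAmount of the token to this contract.
    function airdropERC20(
        address tokenAddress,
        address[] calldata recipients,
        uint256[] calldata amounts,
        uint256 totalAmount
    ) external {
        // The check the submission recommends: reject addresses with no deployed code.
        // Equivalent to OpenZeppelin's former Address.isContract (removed in OZ 5.x).
        // Note: this returns 0 for a contract still inside its constructor, and it says
        // nothing about whether the bytecode actually implements ERC20.
        if (tokenAddress.code.length == 0) {
            revert TokenIsNotAContract(tokenAddress);
        }
        if (recipients.length != amounts.length) {
            revert LengthMismatch(recipients.length, amounts.length);
        }

        IERC20 token = IERC20(tokenAddress);

        // Pull the whole batch in one call, then fan out. SafeERC20 reverts when the
        // call fails, returns false, or returns nothing from an address without code,
        // so a non-ERC20 target cannot silently "succeed".
        token.safeTransferFrom(msg.sender, address(this), totalAmount);

        uint256 distributed;
        for (uint256 i = 0; i < recipients.length; i++) {
            token.safeTransfer(recipients[i], amounts[i]);
            distributed += amounts[i];
        }

        // Defensive accounting: the amounts array must sum to what was pulled in.
        if (distributed != totalAmount) {
            revert TotalMismatch(totalAmount, distributed);
        }
    }
}
```

The code-size check fails fast with a clear error for a plain EOA or a typo in the address, which is the first issue the submission describes. It does not address the second (a deliberately malicious token contract); no on-chain check can establish that arbitrary bytecode is well-behaved, which is why airdrop tooling of this kind typically treats the token address as trusted input supplied by the caller and documents that assumption.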

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
