TSender

Cyfrin
DeFiFoundry
15,000 USDC
Submission Details
Severity: medium
Invalid

areListsValid and airdropERC20 won't work for addresses with an incorrect format.

Vulnerability Details

areListsValid is used to check the validity of addresses input in the parameter with the following criteria.

  1. Duplicate addresses

  2. Zero address sends

  3. There is at least 1 recipient

  4. All amounts are > 0

  5. recipients.length == amounts.length

However, not included here is a mistake in input like wrong-format addresses (e.g. wrong length, ).
This check can easily be bypassed, and if the list is huge, like 10,000 addresses, this input mistake is more likely to happen.

In the case of the function airdropERC20, the impact could be denial of service, as it will revert even if only 1 address fails in the transfer transaction.
The transaction will fail because these wrong-format addresses won't be recognized and accepted by the blockchain.

Impact

Temporary denial of service to airdropERC20, as the function won't work if the list contains several wrong-format addresses.
If the list is huge, like 10,000, it may take time to identify which entries on the list have the wrong format,
since the function completely reverts the whole transaction without quickly showing exactly which addresses failed on transfer.

Tools Used

Manual review

Recommendations

Implement another function that uses the try/catch method so it can still process the valid addresses without reverting the whole transaction.
The invalid addresses identified will be tackled later in another transaction after correcting the format.
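An off-chain pre-flight check for the concern raised in this submission, as an added example that is not part of the submission or of TSender's code: it applies the five listed criteria plus a 20-byte hex format check to the caller's list and reports the index of every failing entry before any transaction is sent. The helper name `preflightAirdropList`, the error shape and the sample list are assumptions constructed for illustration.

```javascript
// Added example (hypothetical helper, not TSender code): validate an airdrop
// list off-chain and report which indices fail, before calling the contract.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/; // "0x" followed by 20 bytes of hex
const ZERO_ADDRESS = "0x" + "0".repeat(40);

function preflightAirdropList(recipients, amounts) {
  const errors = [];
  if (recipients.length === 0) {
    errors.push({ index: null, reason: "no recipients" });
  }
  if (recipients.length !== amounts.length) {
    errors.push({ index: null, reason: "length mismatch" });
  }
  const firstSeen = new Map(); // lowercased address -> first index seen
  recipients.forEach((addr, i) => {
    if (typeof addr !== "string" || !ADDRESS_RE.test(addr)) {
      errors.push({ index: i, reason: "malformed address" });
      return;
    }
    const key = addr.toLowerCase(); // compare case-insensitively
    if (key === ZERO_ADDRESS) {
      errors.push({ index: i, reason: "zero address" });
    }
    if (firstSeen.has(key)) {
      errors.push({ index: i, reason: `duplicate of index ${firstSeen.get(key)}` });
    } else {
      firstSeen.set(key, i);
    }
  });
  amounts.forEach((amt, i) => {
    let positive;
    try { positive = BigInt(amt) > 0n; } catch { positive = false; }
    if (!positive) errors.push({ index: i, reason: "amount not > 0" });
  });
  return errors;
}

// Constructed sample list: one entry per failure class.
const SAMPLE_RECIPIENTS = [
  "0x" + "1".repeat(40), // valid
  "0x" + "2".repeat(39), // one hex digit short
  ZERO_ADDRESS,          // zero address
  "0x" + "1".repeat(40), // duplicate of index 0
  "0x" + "3".repeat(40), // valid address, zero amount
];
const SAMPLE_AMOUNTS = ["100", "100", "100", "100", "0"];
console.log(preflightAirdropList(SAMPLE_RECIPIENTS, SAMPLE_AMOUNTS));
```
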

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
