## Summary
The `rescue` function in the `Rescuable` contract allows the contract owner to rescue tokens or Ether from the contract. However, the function lacks a check to ensure that the `to` address is not the zero address (`address(0x0)`), which could lead to an unintended transfer of funds to the zero address, resulting in a loss of assets.
## Vulnerability Details
The `rescue` function is designed to transfer a specified amount of Ether or tokens to a given address. If the `token` address is `address(0x0)`, the function transfers Ether; otherwise, it transfers the specified token. However, the function does not validate that the `to` address is non-zero before performing the transfer. If `to` is mistakenly set to the zero address, the Ether or tokens could be irretrievably lost.
### Code Snippet
```solidity
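function rescue(
    address to,
    address token,
    uint256 amount
) external onlyOwner {
    // `to` is used as-is: nothing rejects address(0x0) before the transfer.
    if (token == address(0x0)) {
        // token == address(0x0) selects the Ether branch.
        payable(to).transfer(amount);
    } else {
        _safe_transfer(token, to, amount);
    }
    emit Rescue(to, token, amount);
}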
```
## Impact
The primary impact of this issue is the potential loss of Ether or tokens if they are transferred to the zero address. This could happen due to a mistake in the input parameters or a malicious attempt to cause a denial of service by locking funds in an unreachable address. Such an event could result in financial loss for the contract owner or the contract itself.
## Tools Used
- Manual code review.
## Recommendations
To prevent the accidental transfer of funds to the zero address, it is recommended to add a validation check that ensures the `to` address is not `address(0x0)` before proceeding with the transfer.
### Suggested Fix
```solidity
function rescue(
    address to,
    address token,
    uint256 amount
) external onlyOwner {
    // Reject the zero address before either transfer branch runs.
    require(to != address(0x0), "Invalid recipient address");
    if (token == address(0x0)) {
        payable(to).transfer(amount);
    } else {
        _safe_transfer(token, to, amount);
    }
    emit Rescue(to, token, amount);
}
```
With this change, `rescue` reverts whenever `to` is the zero address, preventing the accidental loss of funds.
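
The behaviour before and after the fix can be pinned down with a Foundry test. This is an added example, not code from the audited project: `RescueHarness` is a constructed stand-in that models only the Ether branch, and its owner check, constructor flag and the `Rescue` event signature are assumptions, since the page does not show them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed harness (assumption): only the Ether branch of rescue() is modelled.
// `checked` switches between the original logic and the suggested fix.
contract RescueHarness {
    address public immutable owner = msg.sender;
    bool public immutable checked;

    event Rescue(address to, address token, uint256 amount); // assumed signature

    constructor(bool checked_) payable { checked = checked_; }

    function rescue(address to, address token, uint256 amount) external {
        require(msg.sender == owner, "not owner"); // stands in for onlyOwner
        if (checked) require(to != address(0x0), "Invalid recipient address");
        require(token == address(0x0), "token branch not modelled");
        payable(to).transfer(amount);
        emit Rescue(to, token, amount);
    }
}

contract RescueZeroAddressTest is Test {
    // Original logic: the call succeeds and the Ether lands on address(0).
    function test_uncheckedRescueSendsEtherToZeroAddress() public {
        RescueHarness h = new RescueHarness{value: 1 ether}(false);
        uint256 zeroBalanceBefore = address(0).balance;
        h.rescue(address(0), address(0), 1 ether);
        assertEq(address(0).balance, zeroBalanceBefore + 1 ether);
        assertEq(address(h).balance, 0);
    }

    // Suggested fix: the call reverts and the contract keeps its balance.
    function test_checkedRescueRevertsOnZeroRecipient() public {
        RescueHarness h = new RescueHarness{value: 1 ether}(true);
        vm.expectRevert(bytes("Invalid recipient address"));
        h.rescue(address(0), address(0), 1 ether);
        assertEq(address(h).balance, 1 ether);
    }

    // Regression check: a non-zero recipient is still paid after the fix.
    function test_checkedRescueStillPaysValidRecipient() public {
        RescueHarness h = new RescueHarness{value: 1 ether}(true);
        address recipient = makeAddr("recipient");
        h.rescue(recipient, address(0), 1 ether);
        assertEq(recipient.balance, 1 ether);
    }
}
```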
## Severity
This issue is classified as **low** severity. While it does not present a direct security vulnerability, it can lead to the loss of funds if not addressed. Implementing a zero-address check will enhance the robustness and reliability of the contract, safeguarding assets from accidental or malicious transfers to the zero address.