The functions SablierFlowBase::collectProtocolRevenue()
and SablierFlowBase::recover()
do not validate the to
parameter to ensure it is not the zero address. Allowing transfers to the zero address can inadvertently result in permanent asset loss, as funds sent to the zero address are irretrievable
Permanent asset loss
In SablierFlowBase::collectProtocolRevenue()
, add the following check:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.