Description: In 'ISablierFlow::create' the documentation states that it is a requirement that the recipient can not be the zero address. However, there is no check for the recipient being the zero address in 'SablierFlow::_create'. As a result, the recipient can be set to the zero address.
Requirement for recipient zero address check: ISablierFlow.sol line 187
Impact: If the recipient is set to the zero address, it would violate the ERC721 standard which does not allow minting to the zero address and since it is a requirement based on the 'ISablierFlow::create' documentation it should be checked.
Proof of Concept:
Checks for sender, but does not check for recipient being the zero address.
Recommended Mitigation:
Add a check for the recipient being the zero address and an error for the recipient being the zero address in 'Errors.sol'.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.