The `_redeemPositionToken` function does not validate the `_recipient` address before passing it on, which can lead to unexpected behaviour or loss of funds when an invalid address is supplied.
Specifically, the function never checks whether `_recipient` is `address(0)`.
If `_recipient == address(0)`, `_redeemWTokenPrivate` may process the withdrawal incorrectly: the caller's wTokens are burned, but the collateral is not delivered to a usable recipient.
The redeemable assets would then be lost and unrecoverable.
- Fund loss: if `_recipient` is `address(0)`, collateral tokens might be burned or sent to an address nobody controls.
- Transaction failure: if `_redeemWTokenPrivate` has internal checks, the transaction might fail unexpectedly.
- Incorrect asset distribution: the function may process the redemption but fail to transfer the assets properly.
Manual Code Review
```solidity
// Reject the zero address before any wTokens are burned.
if (_recipient == address(0)) revert ZeroAddress();

uint256 _amountReturned = _redeemWTokenPrivate(
    _pool.collateralToken,
    _wTokenAmountReturned,
    _recipient,
    address(this)
);
```
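To make the failure mode concrete, the following is an added illustration, not the project's code: a minimal, hypothetical pool (`RedeemExample`) with an unchecked and a checked redemption path, plus a constructed collateral token (`LenientCollateral`) that, unlike OpenZeppelin's ERC20, does not itself reject transfers to `address(0)`. The contract names, the 1:1 wToken-to-collateral ratio and the simplified `_redeemWTokenPrivate` signature are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the collateral token interface used by the pool.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed collateral token that does NOT guard against the zero address.
// With such a token, collateral sent to address(0) is simply gone.
contract LenientCollateral is IERC20Like {
    mapping(address => uint256) public balanceOf;

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount; // no address(0) check: funds land in the zero address
        return true;
    }
}

// Hypothetical pool showing the vulnerable and the hardened redemption shape.
contract RedeemExample {
    error ZeroAddress();

    IERC20Like public immutable collateralToken;
    mapping(address => uint256) public wTokenBalance; // constructed wToken ledger

    constructor(IERC20Like _collateralToken) {
        collateralToken = _collateralToken;
    }

    // Mirrors the finding: the caller's wTokens are burned and collateral is sent
    // to whatever `_recipient` is, including address(0).
    function redeemUnchecked(uint256 _wTokenAmount, address _recipient)
        external
        returns (uint256)
    {
        return _redeemWTokenPrivate(_wTokenAmount, _recipient);
    }

    // Mirrors the recommended fix: reject the zero address before any state change,
    // so no wTokens are burned and no collateral moves.
    function redeemChecked(uint256 _wTokenAmount, address _recipient)
        external
        returns (uint256)
    {
        if (_recipient == address(0)) revert ZeroAddress();
        return _redeemWTokenPrivate(_wTokenAmount, _recipient);
    }

    // Simplified private helper: burn wTokens, then pay out collateral 1:1.
    function _redeemWTokenPrivate(uint256 _wTokenAmount, address _recipient)
        private
        returns (uint256 amountReturned)
    {
        require(wTokenBalance[msg.sender] >= _wTokenAmount, "insufficient wTokens");
        wTokenBalance[msg.sender] -= _wTokenAmount; // burn
        amountReturned = _wTokenAmount;
        // Burn already happened; if `_recipient` is address(0) and the token is
        // lenient, this line transfers the collateral into the void.
        require(collateralToken.transfer(_recipient, amountReturned), "transfer failed");
    }
}
```

Calling `redeemUnchecked(amount, address(0))` against a `LenientCollateral` succeeds, decrements the caller's `wTokenBalance` and credits `balanceOf[address(0)]`, which nobody can spend; `redeemChecked` reverts with `ZeroAddress()` before either state change. Placing the check before the burn matters: a check inside the token alone would leave the outcome dependent on which collateral token the pool is configured with.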