The loadExisting function is responsible for loading an existing withdrawal request based on the provided vaultId, account, and withdrawalRequestId. However, the function lacks a proper check for zero addresses, specifically the account address.
The loadExisting function makes use of the load function to retrieve the withdrawal request based on the provided parameters. The function checks if the timestamp of the request is zero, indicating the absence of a valid request. However, there is no validation to ensure that the account address is not a zero address before attempting to load the withdrawal request. This oversight could lead to potential issues when interacting with contracts, as zero addresses are often used as default values, causing unexpected behavior.
The absence of a check for the zero address, address(0), could lead to undefined behavior or errors if a zero address is passed to the function. This could result in unintended operations, such as loading invalid data, and may cause issues such as failed transactions or incorrect contract states. It also presents an attack surface for potential exploits.
Add a check to ensure that the account address is not a zero address before attempting to load the withdrawal request. Example:
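One way to write the recommended check, as an added sketch that is not the project's own code: the parameter types, the Data struct fields, the storage slot derivation and both error names are assumptions made so the library compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only the names load, loadExisting, vaultId, account,
// withdrawalRequestId and the timestamp check come from the finding;
// everything else here is assumed.
library WithdrawalRequest {
    error ZeroAddress(); // hypothetical error name
    error WithdrawalRequestNotFound( // hypothetical error name
        uint128 vaultId, address account, uint128 withdrawalRequestId
    );

    struct Data {
        uint128 timestamp; // zero means no request was created under this key
        uint128 shares;    // assumed field
    }

    // Constructed namespace for the storage key, not a value from the project.
    bytes32 internal constant NAMESPACE = keccak256("example.WithdrawalRequest");

    // Derive the storage pointer for (vaultId, account, withdrawalRequestId).
    function load(uint128 vaultId, address account, uint128 withdrawalRequestId)
        internal
        pure
        returns (Data storage request)
    {
        bytes32 slot = keccak256(abi.encode(NAMESPACE, vaultId, account, withdrawalRequestId));
        assembly {
            request.slot := slot
        }
    }

    function loadExisting(uint128 vaultId, address account, uint128 withdrawalRequestId)
        internal
        view
        returns (Data storage request)
    {
        // Reject the zero address before touching storage, so the caller gets
        // a specific error instead of the generic not-found revert below.
        if (account == address(0)) revert ZeroAddress();

        request = load(vaultId, account, withdrawalRequestId);

        // Existing check described in the finding: a zero timestamp means
        // there is no valid request for this key.
        if (request.timestamp == 0) {
            revert WithdrawalRequestNotFound(vaultId, account, withdrawalRequestId);
        }
    }
}
```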