Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Missing Zero Address Check in `ZlpVault::redeem` Function

Vulnerability Details

The `ZlpVault::redeem` function does not check that the `receiver` and `owner` addresses are non-zero before proceeding with the transaction. This matters because sending tokens to the zero address can result in assets being lost permanently.

Impact

  1. If the `receiver` or `owner` is the zero address, tokens may be lost, as they would be sent to the address `0x0000000000000000000000000000000000000000`.

  2. Allowing zero addresses to be used could potentially open the contract to malicious behavior.

Recommendations

Add checks at the beginning of the redeem function to ensure that the receiver and owner addresses are not zero addresses.

```solidity
require(receiver != address(0), "Receiver address cannot be the zero address");
require(owner != address(0), "Owner address cannot be the zero address");
```

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
