Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: low
Invalid

Missing address(0) check in LendingPool.rescueToken function

Summary

The rescueToken function allows the owner to rescue tokens from the contract but lacks a check to prevent transferring tokens to the zero address. This oversight could result in the permanent loss of tokens.

Vulnerability Details

function rescueToken(address tokenAddress, address recipient, uint256 amount) external onlyOwner {
require(tokenAddress != reserve.reserveRTokenAddress, "Cannot rescue RToken");
IERC20(tokenAddress).safeTransfer(recipient, amount);
}

Impact

If recipient is set to address(0), the tokens will be irrecoverable.

Tools Used

Manual code review

Recommendations

Add a simple address(0) checking

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.