The rescue_tokens function in the VestedAirdrop contract allows zero-amount token transfers. While this doesn't pose a direct security risk, it allows unnecessary transactions that waste gas and could pollute event logs with meaningless transfers.
The rescue_tokens function is designed as an emergency function to recover tokens from the contract. However, it lacks validation for the transfer amount, allowing zero-value transfers:
The function will execute and emit an event even when amount = 0, which serves no practical purpose.
- Gas wastage through unnecessary zero-value transactions
- Event log pollution with meaningless transfer events
- Potential confusion in contract monitoring/analytics
- Low severity as it's owner-only and doesn't risk funds
1. Add amount validation to prevent zero-value transfers: