Description: The contract doesn't validate that the ERC20 token address is not the zero address during initialization. Setting the token address to zero would break the token transfer functionality. The affected code is lines 42-55 in the __init__ function.
Impact: If the contract is deployed with a zero address for the token, all claim attempts would fail as external calls to the zero address would revert. This could permanently lock any functionality that depends on token transfers.
Recommended Mitigation: Add a zero address check as shown in the previous recommendation.