Vyper Vested Claims

First Flight #34
Beginner FriendlyDeFi
100 EXP
View results
Submission Details
Severity: medium
Invalid

No Zero Address Validation for Token

Description: The contract doesn't validate that the ERC20 token address is not the zero address during initialization. Setting the token address to zero would break the token transfer functionality. Lines 42-55 in the __init__ function

Impact: If the contract is deployed with a zero address for the token, all claim attempts would fail as external calls to the zero address would revert. This could permanently lock any functionality that depends on token transfers.

Recommended Mitigation: Add a zero address check as shown in the previous recommendation.

Updates

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.