Lack of check for address(0) in LendingPair.depositUniPosition
#112
Labels
Comments
|
Checking this would increase gas costs for all users while only making it a bit safer for an absolute edge case of users who try to use etherscan directly and enter zero address into the accounting field for some reason. I suggest lowering the severity to 0. This doesn't sound like a good tradeoff. |
|
best practice recommendation, non-critical |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
GalloDaSballo
Vulnerability details
Impact
The function
depositUniPositionis not checking if the deposit address is different from address(0)https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L103
Interestingly enough, only one depositor could make the mistake before the position is irrevocably lost and no-one else would be able to deposit for address(0)
Recommended Mitigation Steps
Add a check
require(_account != address(0));The text was updated successfully, but these errors were encountered: