Skip to content

Latest commit

 

History

History
32 lines (21 loc) · 1.04 KB

022.md

File metadata and controls

32 lines (21 loc) · 1.04 KB

ravikiran.web3

medium

mintForToken, to address should be checked for Non zero

Summary

In the mintForToken, as a good project protecting the interest of end user, it will be good to check for Non zero address before performing the transaction. As a public function, the exposure is larger, so implementing a check and reverting incase of zero address will help.

Vulnerability Detail

mintForToken should check for To address to be non zero before peforming the transfer. Incase the user passes a zero address, those funds will be lost.

Impact

Passing of 0 address in "To" address can result in loss of funds.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L151C14-L154

function mintForToken(
    address token,
    uint256 tokenAmount,
    **address to**
) public returns (uint256 stableCoinAmount) {
    require(hasCollateralMint(token), "unsupported token");

Tool used

Manual Review

Recommendation

check for to address to be non zero before transfer.