yy
medium
This lack of input validation allows users to unintentionally send their minted tokens to the Ethereum zero address (0x0), effectively burning these tokens and rendering them irretrievable.
The mintForToken function is designed to transfer a specified amount of tokens from a user's account to the smart contract, mint an equivalent amount of stablecoins, and send these stablecoins to a specified address (to). However, there is no validation check to ensure that to is a non-zero address.
When tokens are transferred to zero address, the function could end up burning tokens by sending them to an address from which they cannot be retrieved.
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L151
Manual Review
adding require(to != address(0), "Cannot mint to zero address");