Skip to content

Latest commit

 

History

History
33 lines (28 loc) · 1.17 KB

084.md

File metadata and controls

33 lines (28 loc) · 1.17 KB
Raw

Precise Yellow Sealion

medium

Funds can be permanently lost

Summary

Funds can be permanently lost because of no 0 address checks in RewardRouter.sol::sweepTokens function.

Vulnerability Detail

https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/RewardRouter.sol#L61-L63 In the sweepTokens function there are no zero address checks. Because of this funds can be permanently lost and cannot be recovered. Moreover, it sweeps all of the tokens that the contract contains which is detrimental to the protocol.

Impact

Complete funds that the contract contains can be lost.

Code Snippet

function sweepTokens(address token, address recipient) external onlyOwner {
        TokenUtils.safeTransfer(token, recipient, TokenUtils.safeBalanceOf(token, address(this)));
    }

Tool used

Manual Review

Recommendation

Add zero address check in the function

function sweepTokens(address token, address recipient) external onlyOwner {
        if(token == address(0)){
             revert IllegalArgument();
         }
        TokenUtils.safeTransfer(token, recipient, TokenUtils.safeBalanceOf(token, address(this)));
    }