the function getReward should validate that _to is not an empty address (0x0) to prevent accidental loss of BYTES.
Impact: mint reward BYTES to address(0) will be lost
function getReward (
address _to
) external {
(
uint256 reward,
uint256 daoCommision
) = IStaker(STAKER).claimReward(_to);
// Mint both reward BYTES and the DAO tax to targeted recipients.
if (reward > 0) {
_mint(_to, reward);
}
if (daoCommision > 0) {
_mint(TREASURY, daoCommision);
}
}
Manual review
Consider implementing the proposed validation: require _to != address(0)
The text was updated successfully, but these errors were encountered:
All reactions