Missing 0 address check for "_feeRecipient" inside "exec()" function inside "OpenRelay.sol" leads to burned fees

Question

Missing 0 address check for "_feeRecipient" inside "exec()" function inside "OpenRelay.sol" leads to burned fees

Closed this issue 5 months ago · 0 comments

Missing 0 address check for "_feeRecipient" inside "exec()" function inside "OpenRelay.sol" leads to burned fees

Low/Info issue submitted by hashov

Summary

Missing 0 address check for "_feeRecipient" inside "exec()" function inside "OpenRelay.sol", might lead to fees burned for real receiver.

Vulnerability Detail

The "exec()" function inside "OpenRelay.sol" receives a parameter type address "_feeRecipient" and does not have a 0 address check, which will definitely result in lost of funds (fees) for the recipient and also loss of gas for the msg.sender for this transaction (cause it will be invalid).

Impact

Low since it will be one time fee loss for the user who has to receive the funds.

Code Snippet

https://github.com/sherlock-audit/2024-04-xkeeper/blob/main/xkeeper-core/solidity/contracts/relays/OpenRelay.sol#L38

Tool used

Manual Review

Recommendation

Add a simple check inside the "exec()" function in the beginning is preferrable, as follow:

   require(address(_feeRecipient) != address(0), "_feeRecipient cannot be 0x0!");