Missing 0 address check for "_feeRecipient" inside "exec()" function inside "OpenRelay.sol" leads to burned fees
Closed this issue · 0 comments
sherlock-admin3 commented
Missing 0 address check for "_feeRecipient" inside "exec()" function inside "OpenRelay.sol" leads to burned fees
Low/Info issue submitted by hashov
Summary
Missing 0 address check for "_feeRecipient" inside "exec()" function inside "OpenRelay.sol", might lead to fees burned for real receiver.
Vulnerability Detail
The "exec()" function inside "OpenRelay.sol" receives a parameter type address "_feeRecipient" and does not have a 0 address check, which will definitely result in lost of funds (fees) for the recipient and also loss of gas for the msg.sender for this transaction (cause it will be invalid).
Impact
Low since it will be one time fee loss for the user who has to receive the funds.
Code Snippet
Tool used
Manual Review
Recommendation
Add a simple check inside the "exec()" function in the beginning is preferrable, as follow:
require(address(_feeRecipient) != address(0), "_feeRecipient cannot be 0x0!");