Straight Parchment Wombat
High
In the design choices section, it's noted that safeguarding tokens is critical, even when a value for a safe is not specified:
However, if the value for a safe is not passed in, tokens should not be able to be sent into space or the zero address.
Presently, this design goal is not fully met. There are no checks to ensure the provided safe address is non-zero. As a result, any interactions involving this address will still proceed, potentially leading to the unintended consequence of sending tokens to the zero address.
Although all calls within the protocol are trusted and are expected to supply valid parameters when invoking functions, the issue here lies in the protocol's failure to align with the intended design outlined in the contest README.
Missing zero address check in _verifyDefiSwap().
https://github.com/sherlock-audit/2024-11-telcoin/blob/b9c751b59e78a7123a636e31ecafc9147046f190/telcoin-audit/contracts/swap/AmirX.sol#L264
All subsequent interactions with the defi safe will work and will lock the tokens:
- Low level call to send the left fee tokens to the safe after swapping them for POL case. This call will always return true. https://github.com/sherlock-audit/2024-11-telcoin/blob/b9c751b59e78a7123a636e31ecafc9147046f190/telcoin-audit/contracts/swap/AmirX.sol#L236
- Sending fee tokens to safe for ERC-20 tokens
https://github.com/sherlock-audit/2024-11-telcoin/blob/b9c751b59e78a7123a636e31ecafc9147046f190/telcoin-audit/contracts/swap/AmirX.sol#L251 - Telcoin remainder transfer after sending to referrer https://github.com/sherlock-audit/2024-11-telcoin/blob/b9c751b59e78a7123a636e31ecafc9147046f190/telcoin-audit/contracts/swap/AmirX.sol#L209
N/A
N/A
Issue cannot be considered as an attack.
Loss of funds.
N/A
Add check for the defiSafe value in _verifyDefiSwap().