Skip to content

Zero Address Transfer#

Informational

In CommunityToken.sol transferFrom and safeTransferFrom do not validate against transferring to the zero address. This in theory would allow for end users to burn tokens without going through an explicit burn function. It would also cause the zero address to gain a non-zero token balance. Validating against the zero address is also described in the ERC721 specification.

In practice transfers are disabled by the inheriting ERC721WrapperVotes.sol so this is a non issue for this use case of CommunityToken.

Recommendation#

Even so, we recommend validating against the zero address in both transferFrom and safeTransferFrom:

require(to != address(0), "Cannot transfer to zero addresss");