ctf_sec - Share can be minted to address(0) in TimeLockPool.sol#Deposit

[sherlock-admin]

ctf_sec

medium

Share can be minted to address(0) in TimeLockPool.sol#Deposit

Summary

Share can be minted to address(0) in TimeLockPool.sol#Deposit

Vulnerability Detail

When calling the the function deposit

   function deposit(uint256 _amount, uint256 _duration, address _receiver) external override {
        if (_amount == 0) {
            revert ZeroAmountError();
        }

The function does not verify if the _receiver address is address(0),

When the mint is called, the share that minted to address(0) is basically equal to burn the share.

    _mint(_receiver, mintAmount);

Impact

Burning the share while deposit the token basically waste storage space and erode other user's share because address(0) is not supposed to get any reward anyway.

Code Snippet

https://github.com/sherlock-audit/2022-10-merit-circle/blob/main/merit-liquidity-mining/contracts/TimeLockPool.sol#L85-L93

Tool used

Manual Review

Recommendation

We recommend the project check if the receiverAddress is address(0)

   function deposit(uint256 _amount, uint256 _duration, address _receiver) external override {
        if(_receiver == address(0)) {
             revert InvalidReceiver();
        }
        if (_amount == 0) {
            revert ZeroAmountError();
        }