From d43a1509eef0563f720d98f9eeb1e996f35c63f7 Mon Sep 17 00:00:00 2001
From: Thrilok Kumar <thrilok2000@gmail.com>
Date: Mon, 31 Aug 2020 00:49:38 +0530
Subject: [PATCH] Check `to` is vaild for withdraw function

---
 contracts/pools/erc20.sol | 1 +
 contracts/pools/eth.sol   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/contracts/pools/erc20.sol b/contracts/pools/erc20.sol
index 947d52e..e5f71da 100644
--- a/contracts/pools/erc20.sol
+++ b/contracts/pools/erc20.sol
@@ -164,6 +164,7 @@ contract PoolToken is ReentrancyGuard, DSMath, ERC20Pausable {
     */
     function withdraw(uint tknAmt, address to) external nonReentrant whenNotPaused returns (uint _tknAmt) {
       uint poolBal = baseToken.balanceOf(address(this));
+      require(to != address(0), "to-address-not-vaild");
       require(tknAmt <= poolBal, "not-enough-liquidity-available");
       uint _bal = balanceOf(msg.sender);
       uint _tknBal = wdiv(_bal, exchangeRate);
diff --git a/contracts/pools/eth.sol b/contracts/pools/eth.sol
index 27bffc5..d6a8932 100644
--- a/contracts/pools/eth.sol
+++ b/contracts/pools/eth.sol
@@ -160,6 +160,7 @@ contract PoolToken is ReentrancyGuard, ERC20Pausable, DSMath {
   */
   function withdraw(uint tknAmt, address to) external nonReentrant whenNotPaused returns (uint _tknAmt) {
     uint poolBal = address(this).balance;
+    require(to != address(0), "to-address-not-vaild");
     require(tknAmt <= poolBal, "not-enough-liquidity-available");
     uint _bal = balanceOf(msg.sender);
     uint _tknBal = wdiv(_bal, exchangeRate);