fix: address tmnt 148

Author: LHerskind

l1-contracts/src/governance/Governance.sol

@@ -352,6 +352,9 @@ contract Governance is IGovernance {
    */
   function finaliseWithdraw(uint256 _withdrawalId) external override(IGovernance) {
     Withdrawal storage withdrawal = withdrawals[_withdrawalId];
+    // This is a sanity check, the `recipient` will only be zero for a non-existent withdrawal, so this avoids
+    // `finalise`ing non-existent withdrawals. Note, that `_initiateWithdraw` will fail if `_to` is `address(0)`
+    require(withdrawal.recipient != address(0), Errors.Governance__WithdrawalNotInitiated());
     require(!withdrawal.claimed, Errors.Governance__WithdrawalAlreadyClaimed());
     require(
       Timestamp.wrap(block.timestamp) >= withdrawal.unlocksAt,
@@ -692,6 +695,7 @@ contract Governance is IGovernance {
    * @return The id of the withdrawal.
    */
   function _initiateWithdraw(address _from, address _to, uint256 _amount, Timestamp _delay) internal returns (uint256) {
+    require(_to != address(0), Errors.Governance__CannotWithdrawToAddressZero());
     users[_from].sub(_amount);
     total.sub(_amount);
 

l1-contracts/src/governance/libraries/Errors.sol

@@ -19,6 +19,8 @@ library Errors {
   error Governance__NoCheckpointsFound();
   error Governance__InsufficientPower(address voter, uint256 have, uint256 required);
   error Governance__InvalidConfiguration();
+  error Governance__CannotWithdrawToAddressZero();
+  error Governance__WithdrawalNotInitiated();
   error Governance__WithdrawalAlreadyClaimed();
   error Governance__WithdrawalNotUnlockedYet(Timestamp currentTime, Timestamp unlocksAt);
   error Governance__ProposalNotActive();

l1-contracts/test/governance/governance/finaliseWithdraw.t.sol

@@ -18,7 +18,7 @@ contract FinaliseWithdrawTest is GovernanceBase {
 
   function test_WhenIdMatchNoPendingWithdrawal(uint256 _id) external {
     // it revert
-    vm.expectRevert(abi.encodeWithSelector(IERC20Errors.ERC20InvalidReceiver.selector, address(0)));
+    vm.expectRevert(abi.encodeWithSelector(Errors.Governance__WithdrawalNotInitiated.selector));
     governance.finaliseWithdraw(_id);
   }
 

l1-contracts/test/governance/governance/initiateWithdraw.t.sol

@@ -17,6 +17,11 @@ contract InitiateWithdrawTest is GovernanceBase {
     _;
   }
 
+  function test_WhenToIsAddressZero() external {
+    vm.expectRevert(abi.encodeWithSelector(Errors.Governance__CannotWithdrawToAddressZero.selector));
+    governance.initiateWithdraw(address(0), 1);
+  }
+
   function test_GivenNoCheckpoints(uint256 _amount) external whenCallerHaveInsufficientDeposits {
     // it revert
     uint256 amount = bound(_amount, 1, type(uint224).max);
@@ -62,6 +67,10 @@ contract InitiateWithdrawTest is GovernanceBase {
     // it creates a pending withdrawal with time of unlock
     // it emits {WithdrawalInitiated} event
 
+    for (uint256 i = 0; i < WITHDRAWAL_COUNT; i++) {
+      vm.assume(_recipient[i] != address(0));
+    }
+
     uint256 deposit = bound(_activationThreshold, 1, type(uint224).max);
     uint256 sum = deposit;
     uint256 withdrawalId = 0;