Severity: medium

Unauthorized Fund Claim in Staking Contract

Summary

The staking operation is not properly secured: there is no check that the caller is authorized to perform it, and no validation that the transferred funds were actually staked or deposited as required.

Vulnerability Details

In `TKN.transferFrom(msg.sender, address(this), _amount);` the contract does not use SafeERC20. Some ERC20 implementations of `transfer` and `transferFrom` return `false` on failure instead of reverting. It is safer to wrap such calls in `require()` statements or to use safe wrapper functions that check the return value/data and handle these failures. For reference, see https://consensys.net/diligence/audits/2020/09/aave-protocol-v2/#unhandled-return-values-of-transfer-and-transferfrom. Because the return status is never checked, the function proceeds to credit the caller's staking balance even when the transfer did not happen.

Impact

An attacker can steal WETH funds from the contract without fulfilling the staking requirements: by being credited a staking balance without an actual deposit, the attacker can initiate unauthorized transfers and drain the staked funds.

Tools Used

Recommendations

Use SafeERC20 (`safeTransferFrom`), or check the contract's TKN balance before and after `transferFrom` and only credit the amount actually received.
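The following Solidity is an added illustration of the finding and of both recommended fixes; it is example code written for this page, not the audited project's code. It assumes OpenZeppelin's `IERC20` and `SafeERC20` at their usual import paths, and `FalseReturningToken` is a constructed test token that models an ERC20 whose `transferFrom` returns `false` instead of reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Vulnerable pattern from the report: the transferFrom return value is ignored.
contract StakingUnchecked {
    IERC20 public immutable TKN;
    mapping(address => uint256) public staked;

    constructor(IERC20 _tkn) { TKN = _tkn; }

    /// If TKN.transferFrom returns false instead of reverting, nothing moves
    /// but the caller is still credited with _amount.
    function stake(uint256 _amount) external {
        TKN.transferFrom(msg.sender, address(this), _amount);
        staked[msg.sender] += _amount;
    }
}

/// Hardened versions implementing the two recommendations.
contract StakingSafe {
    using SafeERC20 for IERC20;

    IERC20 public immutable TKN;
    mapping(address => uint256) public staked;

    constructor(IERC20 _tkn) { TKN = _tkn; }

    /// Option 1: SafeERC20 reverts when the token returns false, or returns
    /// no data at all (non-standard tokens), so the balance update is never
    /// reached on a failed transfer.
    function stake(uint256 _amount) external {
        TKN.safeTransferFrom(msg.sender, address(this), _amount);
        staked[msg.sender] += _amount;
    }

    /// Option 2: measure what actually arrived and credit only that. This
    /// catches a false-returning token (received == 0) and also handles
    /// fee-on-transfer tokens, where received < _amount.
    function stakeByBalance(uint256 _amount) external {
        uint256 before = TKN.balanceOf(address(this));
        TKN.transferFrom(msg.sender, address(this), _amount);
        uint256 received = TKN.balanceOf(address(this)) - before;
        require(received > 0, "Staking: no tokens received");
        staked[msg.sender] += received;
    }
}

/// Constructed test token: never reverts, never moves funds, always returns
/// false. Against StakingUnchecked.stake this yields a staking balance with
/// zero deposit; against both StakingSafe functions the call reverts.
contract FalseReturningToken {
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }

    function balanceOf(address) external pure returns (uint256) {
        return 0;
    }
}
```

To reproduce the finding in a Foundry or Hardhat test, deploy `FalseReturningToken`, pass its address (cast to `IERC20`) to each staking contract, and call `stake(1 ether)`: `StakingUnchecked.staked(caller)` becomes `1 ether` although no tokens were transferred, while `StakingSafe.stake` and `StakingSafe.stakeByBalance` revert.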
