stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Valid

Users can transfer the lock to their own account to get twice the rewards

Summary

If users transfer their lock to themselves, they can get two times the rewards.

Vulnerability Details

Users can transfer their lock to other accounts.

    function _transfer(
        address _from,
        address _to,
        uint256 _lockId
    ) internal virtual {
        if (_from != ownerOf(_lockId)) revert TransferFromIncorrectOwner();
        if (_to == address(0)) revert TransferToZeroAddress();
        if (_to == ccipController) revert TransferToCCIPController();

        delete tokenApprovals[_lockId];

        // Highlighted in the report: rewards are updated for _from, then for _to
        _updateRewards(_from);
        _updateRewards(_to);

        uint256 effectiveBalanceChange = locks[_lockId].amount + locks[_lockId].boostAmount;
        effectiveBalances[_from] -= effectiveBalanceChange;
        effectiveBalances[_to] += effectiveBalanceChange;

        balances[_from] -= 1;
        balances[_to] += 1;
        lockOwners[_lockId] = _to;

        emit Transfer(_from, _to, _lockId);
    }

Nothing in this function checks that the _from and _to addresses differ. A user can pass the same address for both, so the lock is transferred to themselves.

_updateRewards() is then triggered twice for the same account, resulting in the user getting two times the rewards.

Impact

Users can game the system by getting two times the rewards.

Tools Used

VS Code

Recommendations

Ensure that the _from address is not the same as the _to address.
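The recommended check applied to the function shown under Vulnerability Details, as an added example that is not the project's own code or its actual fix. The contract name, the `TransferToSelf` error, and the state, event and error declarations are assumptions made so the snippet compiles on its own; `_updateRewards` is left abstract because its body is not shown in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration: state and errors mirror the names used in the snippet above.
abstract contract LockTransferGuard {
    struct Lock { uint256 amount; uint256 boostAmount; }

    mapping(uint256 => Lock) internal locks;
    mapping(uint256 => address) internal lockOwners;
    mapping(uint256 => address) internal tokenApprovals;
    mapping(address => uint256) internal balances;
    mapping(address => uint256) internal effectiveBalances;
    address internal ccipController;

    event Transfer(address indexed from, address indexed to, uint256 indexed lockId);

    error TransferFromIncorrectOwner();
    error TransferToZeroAddress();
    error TransferToCCIPController();
    error TransferToSelf(); // hypothetical name, not from the page

    // Reward accounting is not shown on the page; the inheriting contract supplies it.
    function _updateRewards(address _account) internal virtual;

    function ownerOf(uint256 _lockId) public view returns (address) {
        return lockOwners[_lockId];
    }

    function _transfer(address _from, address _to, uint256 _lockId) internal virtual {
        if (_from != ownerOf(_lockId)) revert TransferFromIncorrectOwner();
        if (_to == address(0)) revert TransferToZeroAddress();
        if (_to == ccipController) revert TransferToCCIPController();
        // Added guard: reject self-transfers before any state is touched, so
        // _updateRewards never runs twice for one account in a single call.
        if (_to == _from) revert TransferToSelf();

        delete tokenApprovals[_lockId];
        _updateRewards(_from);
        _updateRewards(_to);
        uint256 effectiveBalanceChange = locks[_lockId].amount + locks[_lockId].boostAmount;
        effectiveBalances[_from] -= effectiveBalanceChange;
        effectiveBalances[_to] += effectiveBalanceChange;
        balances[_from] -= 1;
        balances[_to] += 1;
        lockOwners[_lockId] = _to;
        emit Transfer(_from, _to, _lockId);
    }
}
```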

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

from equals to

from and to address same in transfer
