stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Invalid

Sweeping can potentially disrupt accounting when tokens with multiple addresses are involved

Summary

Token sweeping functions can inadvertently disrupt accurate accounting in systems where tokens are associated with multiple addresses, particularly in cases where one address's actions affect another's balance.

Vulnerability Details

In the past, there have been incidents where a token unintentionally had two addresses with control over its balance.

Transfers made using one address affected the balance of the other.

function recoverTokens(address[] calldata _tokens, address _receiver) external onlyOwner {

Impact

Loss of funds, incorrect token distribution, and a general lack of trust.

Tools Used

Manual review

Recommendations

To guard against this scenario, sweep functions should verify that the balance of the non-sweepable token remains unchanged after transferring the swept tokens.
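
One way to implement the post-sweep check recommended above, as an added example that is not stake.link's code or part of the original submission. The contract name, `protectedToken`, and the custom errors are hypothetical; only the `recoverTokens` signature comes from the page, and the swept tokens are assumed to return `bool` from `transfer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by this example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract: every name except the recoverTokens signature is an assumption.
contract GuardedSweeper {
    address public immutable owner;
    IERC20 public immutable protectedToken; // the token that must never be swept

    error NotOwner();
    error ZeroReceiver();
    error ProtectedToken();
    error TransferFailed(address token);
    error ProtectedBalanceChanged(uint256 expected, uint256 actual);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(IERC20 _protectedToken) {
        owner = msg.sender;
        protectedToken = _protectedToken;
    }

    function recoverTokens(address[] calldata _tokens, address _receiver) external onlyOwner {
        if (_receiver == address(0)) revert ZeroReceiver();
        // Snapshot the protected balance before any external call is made.
        uint256 balanceBefore = protectedToken.balanceOf(address(this));
        for (uint256 i = 0; i < _tokens.length; ++i) {
            // An address comparison alone misses a second address for the same token.
            if (_tokens[i] == address(protectedToken)) revert ProtectedToken();
            IERC20 token = IERC20(_tokens[i]);
            uint256 amount = token.balanceOf(address(this));
            if (amount == 0) continue;
            if (!token.transfer(_receiver, amount)) revert TransferFailed(_tokens[i]);
        }
        // Invariant: the sweep must not have moved the protected token,
        // whichever address the transfers went through.
        uint256 balanceAfter = protectedToken.balanceOf(address(this));
        if (balanceAfter != balanceBefore) revert ProtectedBalanceChanged(balanceBefore, balanceAfter);
    }
}
```

Because the final check reverts the whole transaction, a sweep that touches the protected balance through an alternate address leaves no partial transfers behind.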

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
