If multiple users mistakenly send the same token (e.g. USDC) to the SDLPoolCCIPController.sol contract, only one user will receive all of those tokens and the other users will lose theirs.
SDLPoolCCIPController::recoverTokens is a function for returning tokens that a user accidentally sent to the contract. The code for this function is below:
The problem is that this function does not handle the case where multiple users accidentally send the same token to the contract. If several users do so, only one user will receive the contract's entire balance of that token. This is because the function transfers an amount equal to balanceOf(address(this)), so all of the tokens are sent to a single user.
Only one user will take all the tokens and the other users will lose their tokens
Manual review
Consider calculating and storing the amounts that users accidentally send (for example, in an array) and then distributing the tokens back to each user accordingly.
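One way to apply this recommendation, shown next to the sweep-everything pattern the finding describes. This is an added example, not the SDLPoolCCIPController code: the contract RecoverExample, its functions recoverAll and recoverExact, and its error names are hypothetical. It assumes the owner supplies each sender's amount from an off-chain review of Transfer events, because a contract receives no callback on a plain ERC-20 transfer and cannot record the sender itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration only; hypothetical contract, not the audited code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract RecoverExample {
    address public immutable owner;
    error NotOwner();
    error LengthMismatch();
    error InvalidReceiver();
    error ExceedsBalance();
    error TransferFailed();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Pattern the finding describes: the whole balance goes to one receiver,
    // so the deposits of every other mistaken sender leave with it.
    function recoverAll(IERC20 token, address receiver) external onlyOwner {
        if (receiver == address(0)) revert InvalidReceiver();
        if (!token.transfer(receiver, token.balanceOf(address(this)))) revert TransferFailed();
    }

    // Per-sender refund: the owner passes each sender and the exact amount
    // that sender transferred in (assumed to come from off-chain event review).
    function recoverExact(IERC20 token, address[] calldata receivers, uint256[] calldata amounts)
        external onlyOwner
    {
        if (receivers.length != amounts.length) revert LengthMismatch();
        uint256 total;
        for (uint256 i = 0; i < receivers.length; ++i) {
            if (receivers[i] == address(0)) revert InvalidReceiver();
            total += amounts[i];
        }
        // Fail before moving anything if the list claims more than is held.
        if (total > token.balanceOf(address(this))) revert ExceedsBalance();
        for (uint256 i = 0; i < receivers.length; ++i) {
            if (!token.transfer(receivers[i], amounts[i])) revert TransferFailed();
        }
    }
}
```

Tokens whose transfer does not return a bool need a SafeERC20-style wrapper in place of the bare call used here.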