Submission Details
Severity:
tokenApprovals not deleted.
Summary
tokenApprovals not deleted.
Vulnerability Details
when user uses handleOutgoingRESDL to transfer token from Chain A to Chain B the tokenApprovals is not deleted.
if user A approves token 1 to user B then ccipController calls PrimarySDL handleOutgoingRESDL tokenApprovals is not deleted.
so now if token 1 transfered from Chain B to Chain A the user B still has approval to transfer token even in case the owner changed.
Impact
Tools Used
Recommendations
delete toeknApprovals.
function handleOutgoingRESDL(
address _sender,
uint256 _lockId,
address _sdlReceiver
)
external
onlyCCIPController
onlyLockOwner(_lockId, _sender)
updateRewards(_sender)
updateRewards(ccipController)
returns (Lock memory)
{
Lock memory lock = locks[_lockId];
delete locks[_lockId].amount;
delete lockOwners[_lockId];
balances[_sender] -= 1;
+ if (tokenApprovals[_lockId] != address(0)) delete tokenApprovals[_lockId];
uint256 totalAmount = lock.amount + lock.boostAmount;
effectiveBalances[_sender] -= totalAmount;
effectiveBalances[ccipController] += totalAmount;
sdlToken.safeTransfer(_sdlReceiver, lock.amount);
emit OutgoingRESDL(_sender, _lockId);
return lock;
}
Prize pool breakdown
Total prize
27,500 USDC
nSLOC
1,41419
USDC / LOC
25,000 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.