stake.link

DeFiHardhatBridge

27,500 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`delegatorPool` address is never initialized in `SDLPoolPrimary::initialize` function

DarkTower

Summary

delegatorPool address is never initialized in SDLPoolPrimary::initialize function resulting in user stake migrations always reverting/failing.

Vulnerability Details

On deploying the SDLPrimaryPool, addresses of the sdlToken and boostController are set, if the delegatorPool is not set at that point, we go ahead and initialize the SDLPoolBase which is inherited by the SDLPoolPrimary contract. However, since we never got to initialize the delegatorPool variable, we'll essentially never make it into that else block in the initialize function resulting in the delegatorPool staying zero/un-initialized. This will result in migrate failing every time since we try to compare the msg.sender to a zero address which will return false.

Context::SDLPoolPrimary::initialize

address public delegatorPool;

function initialize(

string memory _name,

string memory _symbol,

address _sdlToken,

address _boostController

) public reinitializer(2) {

if (delegatorPool == address(0)) { // @audit-fails to init delegatorPool

__SDLPoolBase_init(_name, _symbol, _sdlToken, _boostController);

} else {

delegatorPool = ccipController; // not making it into this block even during the upgrades and setting the version[2]

}

Context: SDLPoolPrimary::_migrate

function migrate(

address _sender,

uint256 _amount,

uint64 _lockingDuration

) external {

if (msg.sender != delegatorPool) revert SenderNotAuthorized(); // @audit-issue did we ever init delegatorPool?

sdlToken.safeTransferFrom(delegatorPool, address(this), _amount);

_storeNewLock(_sender, _amount, _lockingDuration);

}

As you can see from the function initialize above, if the delegatorPool address is not set or an address 0, then it initializes the SDLPoolPrimary. The delegatorPool stays un-initialized at this point. The else block won't be reached because the address of the delegatorPool is not set.

Tools Used

Manual Review

Impact

Unable to migrate users from DelegatorPool to SDLPoolPrimary.

Recommendation

Initialize the delegatorPool variable or expose a function to be able to handle setting it at any time by the protocol.

Updates

Lead Judging Commences

0kage Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

27,500 USDC

nSLOC

1,414

19 USDC / LOC

High Medium

25,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.