stake.link

DeFi / Hardhat / Bridge
27,500 USDC

Submission Details

Severity: medium
Status: Invalid

onTokenTransfer not able to distribute token due to invalid validation

Summary

SDLPoolPrimary::onTokenTransfer is an implementation to lock SDL tokens or distribute rewards according to the documentation:

"ERC677 implementation to stake/lock SDL tokens or distribute rewards - will update or create a lock if the transferred token is SDL, will distribute rewards otherwise" [Documentation](https://docs.stake.link/core-contracts/sdlpool#ontokentransfer)

SDLPoolPrimary::onTokenTransfer will not be able to call RewardsPoolController::distributeTokens if the token transferred is not SDL.

Because of the implementation logic, the function goes against the documentation.

Vulnerability Details

/**
 * @notice ERC677 implementation to stake/lock SDL tokens or distribute rewards
 * @dev
 * - will update/create a lock if the token transferred is SDL or will distribute rewards otherwise
 *
 * For Non-SDL:
 * - reverts if token is unsupported
 *
 * For SDL:
 * - set lockId to 0 to create a new lock or set lockId to > 0 to stake more into an existing lock
 * - set lockingDuration to 0 to stake without locking or set lockingDuration to > 0 to lock for an amount
 *   time in seconds
 * - see _updateLock() for more details on updating an existing lock or _createLock() for more details on
 *   creating a new lock
 * @param _sender of the stake
 * @param _value of the token transfer
 * @param _calldata encoded lockId (uint256) and lockingDuration (uint64)
 **/
function onTokenTransfer(
    address _sender,
    uint256 _value,
    bytes calldata _calldata
) external override {
    if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken(); // @audit-issue prevents distribute tokens
    if (_value == 0) revert InvalidValue();
    if (msg.sender == address(sdlToken)) {
        (uint256 lockId, uint64 lockingDuration) = abi.decode(_calldata, (uint256, uint64));
        if (lockId != 0) {
            _storeUpdatedLock(_sender, lockId, _value, lockingDuration);
        } else {
            _storeNewLock(_sender, _value, lockingDuration);
        }
    } else {
        distributeToken(msg.sender); //@audit unable to distribute token
    }
}
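To check what the guard actually admits, here is an added Python model of the caller guard and dispatch of onTokenTransfer as shown above (this is editorial example code, not stake.link's contract). The three caller addresses and the supported-token registry are constructed for the example; the second function models the guard proposed under Recommendations so the two can be compared side by side.

```python
# Added example (not the stake.link code): a Python model of the caller guard and
# dispatch in SDLPoolPrimary.onTokenTransfer as shown above, used to check which
# callers reach the lock path, the distribute path, or the revert.

# Constructed addresses for the three caller classes.
SDL_TOKEN = "0xSDL"            # stands in for address(sdlToken)
SUPPORTED_TOKEN = "0xREWARD"   # a token for which isTokenSupported() is true
UNSUPPORTED_TOKEN = "0xOTHER"  # neither SDL nor a supported token

SUPPORTED = {SUPPORTED_TOKEN}  # constructed stand-in for the isTokenSupported() registry


def is_token_supported(token: str) -> bool:
    return token in SUPPORTED


def on_token_transfer(msg_sender: str, value: int, lock_id: int = 0) -> str:
    """Model of the function as written on the page.

    Returns a label for the branch taken instead of mutating state:
      'revert:UnauthorizedToken', 'revert:InvalidValue',
      'updateLock', 'newLock', or 'distribute:<token>'.
    """
    # The guard rejects only callers that are neither SDL nor a supported token.
    if msg_sender != SDL_TOKEN and not is_token_supported(msg_sender):
        return "revert:UnauthorizedToken"
    if value == 0:
        return "revert:InvalidValue"
    if msg_sender == SDL_TOKEN:
        return "updateLock" if lock_id != 0 else "newLock"
    return f"distribute:{msg_sender}"


def on_token_transfer_recommended(msg_sender: str, value: int, lock_id: int = 0) -> str:
    """Same dispatch with the guard replaced by the one proposed under Recommendations:
    only isTokenSupported() is consulted, so SDL passes only if it is also registered."""
    if not is_token_supported(msg_sender):
        return "revert:UnauthorizedToken"
    if value == 0:
        return "revert:InvalidValue"
    if msg_sender == SDL_TOKEN:
        return "updateLock" if lock_id != 0 else "newLock"
    return f"distribute:{msg_sender}"


def guard_table() -> dict:
    """Outcome of each caller class under both guards, for a 1-wei transfer."""
    callers = {
        "sdl": SDL_TOKEN,
        "supported": SUPPORTED_TOKEN,
        "unsupported": UNSUPPORTED_TOKEN,
    }
    return {
        name: {
            "original": on_token_transfer(addr, 1),
            "recommended": on_token_transfer_recommended(addr, 1),
        }
        for name, addr in callers.items()
    }


if __name__ == "__main__":
    for name, outcomes in guard_table().items():
        print(f"{name:12s} original={outcomes['original']:26s} recommended={outcomes['recommended']}")
```

Running the model shows that a supported non-SDL token passes the original guard and reaches the distributeToken branch (the guard reverts only when the caller is neither sdlToken nor a supported token), while the recommended guard would revert transfers from sdlToken itself unless SDL is also registered as a supported token. This is consistent with the "Incorrect statement" verdict recorded under Updates.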

Impact

SDLPool is not able to distribute SDL reward tokens as intended.

Tools Used

Manual Review

Recommendations

--- if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
+++ if ( !isTokenSupported(msg.sender)) revert UnauthorizedToken();
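Review bot: the replacement guard drops the SDL exemption, so a transfer from sdlToken reverts with UnauthorizedToken unless the SDL token is also registered via isTokenSupported, which would cut off the lock/stake branch (`if (msg.sender == address(sdlToken))`) that the function exists to serve. The removed condition already admits supported tokens (it reverts only when the caller is neither sdlToken nor a supported token), so distributeToken is reachable for a supported reward token without this change; if the intent is to keep SDL working, the original two-part condition should stay.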
Updates

Lead Judging Commences

0kage (Lead Judge), over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
