The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Rewards will be lost due to a conflict in token symbols

Summary

If two or more assets/tokens share the same symbol, the rewards will be overwritten, and as a result part of the rewards will be lost.

Vulnerability Details

A token symbol is not a good choice for a unique identifier, because several tokens share the same symbol. Here are some examples of such tokens:

  1. Basic Attention Token (BAT) & BlockAsset Token (BAT) & Block Array Token (BAT) & BabbageCoin (BAT)

  2. Chainlink (LINK) & LINK Network (LINK)

  3. Etheroll (DICE) & Ultra Salescloud (DICE)

  4. OmiseGO (OMG) & Omgfin (OMG)

  5. Numeraire (NMR) & Namecoin (NMR)

  6. Single Collateral DAI (SAI) & Saiyan Inu (SAI)

  7. Etc

Any conflict between token symbols will therefore cause rewards to be overwritten; that token will not be distributed among stakers and will be lost (only the second one can be claimed by the user/staker):

rewards[abi.encodePacked(_position.holder, asset.token.symbol)] += _portion;
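The key collision described above, as an added Python model (not code from the submission or from the project): it rebuilds the packed key for both schemes and replays the `+=` line, showing that two accepted tokens reporting the same symbol share one `rewards` key while address-based keys stay separate. The `bytes32` symbol type, the helper names and all addresses are assumptions made for the illustration.

```python
# Added illustration (not the project's code). Models the `rewards` key
# abi.encodePacked(holder, token.symbol) vs abi.encodePacked(holder, token.addr).
# Assumption: symbol is a bytes32 field; all addresses below are constructed.
from collections import defaultdict

def packed_address(addr: str) -> bytes:
    """abi.encodePacked of an address: the raw 20 bytes, no padding."""
    raw = bytes.fromhex(addr.removeprefix("0x"))
    if len(raw) != 20:
        raise ValueError(f"not a 20-byte address: {addr}")
    return raw

def packed_bytes32(symbol: str) -> bytes:
    """abi.encodePacked of a bytes32: the value right-padded with zeros."""
    raw = symbol.encode("ascii")
    if len(raw) > 32:
        raise ValueError("symbol longer than 32 bytes")
    return raw.ljust(32, b"\x00")

def key_by_symbol(holder, token):
    return packed_address(holder) + packed_bytes32(token["symbol"])

def key_by_addr(holder, token):
    return packed_address(holder) + packed_address(token["addr"])

def accrue(rewards_key, holder, portions):
    """Replay `rewards[key] += _portion` for each (token, portion) pair."""
    rewards = defaultdict(int)
    for token, portion in portions:
        rewards[rewards_key(holder, token)] += portion
    return dict(rewards)

def colliding_symbols(tokens):
    """Return {symbol: [addr, ...]} for symbols used by more than one token."""
    by_symbol = defaultdict(set)
    for t in tokens:
        by_symbol[t["symbol"]].add(t["addr"].lower())
    return {s: sorted(a) for s, a in by_symbol.items() if len(a) > 1}

# Constructed sample data: two distinct tokens that both report symbol "BAT".
HOLDER = "0x" + "11" * 20
TOKENS = [
    {"symbol": "BAT", "addr": "0x" + "aa" * 20},
    {"symbol": "BAT", "addr": "0x" + "bb" * 20},
    {"symbol": "LINK", "addr": "0x" + "cc" * 20},
]
PORTIONS = [(TOKENS[0], 100), (TOKENS[1], 7), (TOKENS[2], 5)]

if __name__ == "__main__":
    print(colliding_symbols(TOKENS))
    print(len(accrue(key_by_symbol, HOLDER, PORTIONS)), "buckets by symbol")
    print(len(accrue(key_by_addr, HOLDER, PORTIONS)), "buckets by addr")
```

Running `colliding_symbols` over the accepted-token list before a token is added gives a cheap pre-listing check for the condition this finding depends on.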

Impact

The user/staker will lose part of their rewards.

Tools Used

Manual Review

Recommendations

Consider not using token.symbol as the key of the rewards mapping; instead, use another identifier that cannot conflict:

diff --git a/contracts/LiquidationPool.sol b/contracts/LiquidationPool.sol
index 9b8e593..605df78 100644
--- a/contracts/LiquidationPool.sol
+++ b/contracts/LiquidationPool.sol
@@ -165,9 +165,9 @@ contract LiquidationPool is ILiquidationPool {
ITokenManager.Token[] memory _tokens = ITokenManager(tokenManager).getAcceptedTokens();
for (uint256 i = 0; i < _tokens.length; i++) {
ITokenManager.Token memory _token = _tokens[i];
- uint256 _rewardAmount = rewards[abi.encodePacked(msg.sender, _token.symbol)];
+ uint256 _rewardAmount = rewards[abi.encodePacked(msg.sender, _token.addr)];
if (_rewardAmount > 0) {
- delete rewards[abi.encodePacked(msg.sender, _token.symbol)];
+ delete rewards[abi.encodePacked(msg.sender, _token.addr)];
if (_token.addr == address(0)) {
(bool _sent,) = payable(msg.sender).call{value: _rewardAmount}("");
require(_sent);
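Review bot: The read and the delete in this claim loop now key on _token.addr, but the native asset is also represented by address(0) (see the _token.addr == address(0) branch), so the new key is unique only if getAcceptedTokens() never returns more than one entry with a zero address; that invariant should be stated or enforced where tokens are registered. Any other reader of rewards that is not part of this patch (a view that lists a holder's rewards, for example) must switch to the same key, otherwise it will return zero for balances written under the address-based key.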
@@ -224,7 +224,7 @@ contract LiquidationPool is ILiquidationPool {
costInEuros = _position.EUROs;
}
_position.EUROs -= costInEuros;
- rewards[abi.encodePacked(_position.holder, asset.token.symbol)] += _portion;
+ rewards[abi.encodePacked(_position.holder, asset.token.addr)] += _portion;
burnEuros += costInEuros;
if (asset.token.addr == address(0)) {
nativePurchased += _portion;
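Review bot: At the rewards[...] += _portion line the key changes from (holder, symbol) to (holder, addr), so any balance already accrued under the symbol-based key is no longer read by the claim loop in the first hunk; if this is applied to a pool with existing state, a migration or a fallback read of the old key is needed, and the patch should say which deployment case it targets. Since both key parts are now fixed-width addresses, a nested mapping (holder => token address => amount) would express the same thing without building a bytes key through abi.encodePacked.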
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

informational/invalid
