Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: medium
Invalid

Dangerous strict equalities leading to manipulation

Summary

Use of strict equalities that can be easily manipulated by an attacker.

Vulnerability Details

Staking::claimRewards uses a dangerous strict equality:
- lastClaim[msg.sender] == 0 (src/Staking.sol#73)

Staking::deposit uses a dangerous strict equality:
- loveToken.balanceOf(address(stakingVault)) == 0 (src/Staking.sol#51)

Impact

Attackers can easily manipulate the vault draining its funds to zero.

Tools Used

Slither

Recommendations

Don't use strict equality to determine if an account has enough Ether or tokens.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.