DeFiHardhat
21,000 USDC
View results
Submission Details
Severity: medium
Invalid

Incomplete Withdrawal Handling

Summary

The _withdrawTokens function may prematurely exit the loop without fully withdrawing the requested amount, leading to incomplete withdrawals.

Vulnerability Details

If the loop exits prematurely due to the termination condition (i < stems.length) && (a.active.tokens < maxTokens), some amounts may not be withdrawn, potentially leaving the contract in an inconsistent state.

Impact

Incomplete withdrawals can result in users not receiving the full amount of tokens they requested to withdraw, leading to a loss of funds or an inconsistent state in the contract. This can undermine the trust and functionality of the system, impacting user experience and potentially causing financial losses.

Tools Used

Manual

Recommendations

Ensure that the function completes all necessary withdrawal operations before exiting the loop. Consider reverting the transaction if the requested amount cannot be fully withdrawn.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.