The getReward function in the smart contract allows any external caller to claim rewards on behalf of any staker by specifying the staker's address and reward index. The function lacks proper authorization checks to ensure that only the legitimate staker or an authorized entity can initiate the reward claim process.
Anyone can call the getReward function and pass another staker's address to claim rewards on behalf of that staker. Even though the amount is still transferred to the staker, this gives any caller unauthorized access to trigger the claim.
This vulnerability allows unauthorized users to call the getReward function and trigger the reward distribution process for any staker. While the rewards are still credited to the legitimate staker, the lack of access control can lead to potential front-running or griefing attacks where an attacker can interfere with the timing of reward claims.
Medium
Contract Snippet:
Exploit Scenario:
Assume attacker wants to interfere with staker1's reward claims.
attacker calls the getReward function using staker1's address and the appropriate reward index:
The function executes and triggers the reward distribution for staker1 without any authorization check on attacker.
While the reward is still transferred to staker1, the timing of the claim can be disrupted, causing potential issues with reward scheduling or transaction costs.
Manual, Foundry
To mitigate this vulnerability, implement an authorization mechanism that ensures only the staker or an explicitly authorized entity can initiate the reward claim process. Below is an example of how this can be achieved:
Authorization Mapping and Modifier:
Updated getReward Function:
Explanation:
The onlyAuthorized modifier checks whether the caller is either the staker themselves or an authorized entity.
The authorizeCaller and revokeCaller functions allow stakers to manage which addresses are authorized to claim rewards on their behalf.
This ensures that only legitimate and authorized calls to getReward are processed, preventing unauthorized interference.
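As an added illustration that is not the audited contract's code (the finding's own snippets are not reproduced on this page): a constructed minimal reward ledger with the unchecked getReward beside the version guarded by the onlyAuthorized modifier and the authorizeCaller / revokeCaller delegation functions the recommendation names, followed by a Foundry regression test that pins the fixed behaviour. The Reward struct, the rewards ledger, the paidOut counter and the seedReward hook are assumptions made so the file compiles on its own, as is a project with forge-std installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol"; // assumed: a Foundry project with forge-std installed

// Added illustration for this finding; not the audited project's code.
// Only getReward, onlyAuthorized, authorizeCaller and revokeCaller are named
// in the finding. Everything else below is a constructed stand-in.
abstract contract RewardLedger {
    struct Reward { uint256 amount; bool claimed; }

    // staker => pending rewards, addressed by index (constructed layout)
    mapping(address => Reward[]) internal rewards;
    // constructed stand-in for the token/ETH transfer to the staker
    mapping(address => uint256) public paidOut;

    event RewardClaimed(address indexed staker, uint256 indexed index, uint256 amount, address caller);

    function _claim(address staker, uint256 index) internal {
        Reward storage r = rewards[staker][index];
        require(!r.claimed, "already claimed");
        r.claimed = true;
        paidOut[staker] += r.amount; // funds always reach the staker, whoever called
        emit RewardClaimed(staker, index, r.amount, msg.sender);
    }

    // constructed test hook so the example can seed a reward; not for production
    function seedReward(address staker, uint256 amount) external {
        rewards[staker].push(Reward(amount, false));
    }
}

// Vulnerable shape: msg.sender is never checked, so any address decides
// when (and in which transaction) a staker's reward is claimed.
contract RewardsVulnerable is RewardLedger {
    function getReward(address staker, uint256 index) external {
        _claim(staker, index);
    }
}

// Hardened shape: only the staker, or an address the staker opted in, may claim.
contract RewardsHardened is RewardLedger {
    // staker => caller => allowed to claim on the staker's behalf
    mapping(address => mapping(address => bool)) public authorizedCallers;

    event CallerAuthorized(address indexed staker, address indexed caller);
    event CallerRevoked(address indexed staker, address indexed caller);

    modifier onlyAuthorized(address staker) {
        require(msg.sender == staker || authorizedCallers[staker][msg.sender], "not authorized");
        _;
    }

    // Delegation is keyed on msg.sender, so a staker can only manage their own list.
    function authorizeCaller(address caller) external {
        require(caller != address(0), "zero address");
        authorizedCallers[msg.sender][caller] = true;
        emit CallerAuthorized(msg.sender, caller);
    }

    function revokeCaller(address caller) external {
        authorizedCallers[msg.sender][caller] = false;
        emit CallerRevoked(msg.sender, caller);
    }

    function getReward(address staker, uint256 index) external onlyAuthorized(staker) {
        _claim(staker, index);
    }
}

// Regression test: documents the unguarded behaviour and pins the fix.
contract GetRewardAccessTest is Test {
    address staker1 = makeAddr("staker1");
    address attacker = makeAddr("attacker");

    function testVulnerableLetsAnyoneTriggerClaim() public {
        RewardsVulnerable v = new RewardsVulnerable();
        v.seedReward(staker1, 1 ether);
        vm.prank(attacker);
        v.getReward(staker1, 0); // succeeds: a third party chose the claim timing
        assertEq(v.paidOut(staker1), 1 ether);
    }

    function testHardenedRejectsUnauthorizedCaller() public {
        RewardsHardened h = new RewardsHardened();
        h.seedReward(staker1, 1 ether);

        vm.prank(attacker);
        vm.expectRevert(bytes("not authorized"));
        h.getReward(staker1, 0);

        vm.prank(staker1);
        h.authorizeCaller(attacker); // explicit opt-in by the staker
        vm.prank(attacker);
        h.getReward(staker1, 0);
        assertEq(h.paidOut(staker1), 1 ether);

        vm.prank(staker1);
        h.revokeCaller(attacker);
        assertFalse(h.authorizedCallers(staker1, attacker));
    }
}
```

Run with forge test in a Foundry project. The modifier takes the target staker as a parameter rather than relying on msg.sender alone, which is what lets the staker keep a self-claim path while delegating to a keeper or relayer of their choice.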