TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Burned Tokens

Summary

The TempleGoldStaking::recoverToken function does not check that the recipient _to is not the zero address (address(0)). A safeTransfer to address(0) either reverts (tokens that reject a zero recipient, such as OpenZeppelin's ERC20) or credits the balance to an address nobody controls (tokens without that check), which strands the tokens permanently. In either case the recovery call fails to achieve its purpose, and in the second case the tokens are lost.

Vulnerability Details

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGoldStaking.sol#L381

The recoverToken function allows elevated access to recover tokens that are neither the staking token nor the reward token. It validates _token but not the recipient: there is no check that _to is not the zero address (address(0)). If _to is address(0), safeTransfer forwards the call to the token's transfer(address(0), _amount). What happens next depends on the token: OpenZeppelin's ERC20 reverts on a zero recipient (ERC20InvalidReceiver in v5, "transfer to the zero address" in v4), so nothing is lost, but tokens that do not enforce that check will credit address(0) and the recovered amount becomes irrecoverable.
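The token-dependent behaviour above is easy to confirm in the contest's own framework. The following Foundry test is an added example, not code from the TempleGold repository: it assumes forge-std and OpenZeppelin Contracts v5 are installed with the usual remappings, uses a minimal hypothetical PermissiveToken (constructed for the test) that does not reject a zero recipient, and a stand-in Recoverer contract that mirrors the safeTransfer line under discussion.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the TempleGold repo). Shows that safeTransfer(address(0), ...)
// reverts for an OpenZeppelin ERC20 but succeeds, stranding the tokens, for a token
// without a zero-address check. Assumes forge-std and OpenZeppelin Contracts v5.
import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// OpenZeppelin-based token: _transfer() reverts with ERC20InvalidReceiver(address(0)).
contract OZToken is ERC20 {
    constructor() ERC20("OZ", "OZ") {
        _mint(msg.sender, 1_000e18);
    }
}

// Hypothetical minimal token with no zero-address check (constructed for this test):
// transfer to address(0) succeeds and the balance sits at an address nobody controls.
contract PermissiveToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => mapping(address => uint256)) public override allowance;
    uint256 public override totalSupply;

    constructor() {
        totalSupply = 1_000e18;
        balanceOf[msg.sender] = totalSupply;
    }

    function transfer(address to, uint256 amount) external override returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount; // no `to != address(0)` check
        emit Transfer(msg.sender, to, amount);
        return true;
    }

    function approve(address spender, uint256 amount) external override returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
        return true;
    }
}

// Stand-in for the contract holding the tokens: forwards with safeTransfer exactly
// as the recoverToken line does, with no recipient validation.
contract Recoverer {
    using SafeERC20 for IERC20;

    function recover(address token, address to, uint256 amount) external {
        IERC20(token).safeTransfer(to, amount);
    }
}

contract ZeroAddressRecoveryTest is Test {
    Recoverer internal r;

    function setUp() public {
        r = new Recoverer();
    }

    // OZ token: the call reverts and the balance stays where it was.
    function test_ozTokenRevertsOnZeroRecipient() public {
        OZToken t = new OZToken();
        t.transfer(address(r), 100e18);
        vm.expectRevert(abi.encodeWithSelector(IERC20Errors.ERC20InvalidReceiver.selector, address(0)));
        r.recover(address(t), address(0), 100e18);
        assertEq(t.balanceOf(address(r)), 100e18);
    }

    // Permissive token: the call succeeds and the tokens are now irrecoverable.
    function test_permissiveTokenStrandsAtZero() public {
        PermissiveToken t = new PermissiveToken();
        t.transfer(address(r), 100e18);
        r.recover(address(t), address(0), 100e18);
        assertEq(t.balanceOf(address(r)), 0);
        assertEq(t.balanceOf(address(0)), 100e18);
    }
}
```

Run with `forge test --match-contract ZeroAddressRecoveryTest -vv`. The second test is the case the finding is about: recoverToken exists precisely to handle arbitrary third-party tokens, and it is those tokens whose zero-address behaviour the contract cannot rely on.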

/**
 * @notice Elevated access can recover tokens which are not staking or reward tokens
 * @param _token Token to recover
 * @param _to Recipient
 * @param _amount Amount of tokens
 */
function recoverToken(address _token, address _to, uint256 _amount) external override onlyElevatedAccess {
    if (_token == address(stakingToken) || _token == address(rewardToken)) {
        revert CommonEventsAndErrors.InvalidAddress();
    }
    IERC20(_token).safeTransfer(_to, _amount);
    emit CommonEventsAndErrors.TokenRecovered(_to, _token, _amount);
}

Impact

Without a check for address(0), a mistyped or uninitialised recipient (for example a zero-filled field in a multisig transaction) sends the recovered tokens to address(0). For tokens that permit that transfer the funds are permanently lost; for tokens that reject it the transaction reverts and must be resubmitted. Because recoverToken is restricted by onlyElevatedAccess, the path requires an error by a trusted caller rather than an action by an attacker, so this is an input-validation issue on a privileged operation rather than an exploitable vulnerability.

Tools Used

Manual Review

Recommendations

Add a check that _to is not address(0) before the token transfer, reverting with the existing CommonEventsAndErrors.InvalidAddress() error so the outcome no longer depends on whether the recovered token itself rejects a zero recipient.
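One way to apply the recommendation, as an added example rather than the project's own code: a self-contained contract with the hardened recoverToken. The onlyElevatedAccess modifier, the InvalidAddress error and the TokenRecovered event are minimal stand-ins for the project's access control and its CommonEventsAndErrors library (assumed, not the real implementations); the OpenZeppelin imports are assumed to resolve via the usual remapping.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the TempleGold repo's code): recoverToken with the
// zero-address check on the recipient. Access control and the error/event
// are stand-ins for the project's onlyElevatedAccess and CommonEventsAndErrors.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract RecoverableStaking {
    using SafeERC20 for IERC20;

    // Stand-ins for CommonEventsAndErrors.InvalidAddress / TokenRecovered.
    error InvalidAddress();
    event TokenRecovered(address indexed to, address indexed token, uint256 amount);

    IERC20 public immutable stakingToken;
    IERC20 public immutable rewardToken;
    // Stand-in for the project's elevated-access role: a single fixed admin.
    address public immutable elevatedAccess;

    constructor(IERC20 _stakingToken, IERC20 _rewardToken) {
        if (address(_stakingToken) == address(0) || address(_rewardToken) == address(0)) {
            revert InvalidAddress();
        }
        stakingToken = _stakingToken;
        rewardToken = _rewardToken;
        elevatedAccess = msg.sender;
    }

    modifier onlyElevatedAccess() {
        if (msg.sender != elevatedAccess) revert InvalidAddress();
        _;
    }

    /// @notice Elevated access can recover tokens which are not staking or reward tokens
    /// @param _token Token to recover
    /// @param _to Recipient; must not be the zero address
    /// @param _amount Amount of tokens
    function recoverToken(address _token, address _to, uint256 _amount) external onlyElevatedAccess {
        if (_token == address(stakingToken) || _token == address(rewardToken)) {
            revert InvalidAddress();
        }
        // Fix: reject a zero recipient before calling safeTransfer, so the result
        // no longer depends on whether the recovered token itself rejects address(0).
        if (_to == address(0)) revert InvalidAddress();
        IERC20(_token).safeTransfer(_to, _amount);
        emit TokenRecovered(_to, _token, _amount);
    }
}
```

The check is placed before the external call so that a bad recipient never reaches the token at all, and it reuses the same error the function already raises for a bad _token, keeping the revert surface consistent for callers and off-chain tooling.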

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
