The users' stake information stored in self.usersToStakes can be overwritten, which causes users to lose their stake.
The function stake() is used to stake Ether for the users themselves or on behalf of other users by specifying the _onBehalfOf address. The code in line 73 has a bug such that a user's existing stake is overwritten by the new msg.value.
An attacker can weaponise this to overwrite a user's existing stake with a much smaller value, the one defined as MIN_STAKE_AMOUNT.
The user could lose their stake without a way to recover it.
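The overwrite described above next to an accumulating version, as an added example that is not the audited project's code. The contract name, stakeOverwriting, the error string and the value given to MIN_STAKE_AMOUNT are assumptions; usersToStakes, stake(), _onBehalfOf and MIN_STAKE_AMOUNT are the names used in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. The storage layout is
// simplified to a single mapping; the real project keeps it behind `self`.
contract StakeLedgerExample {
    // Assumed value; the finding only names the constant.
    uint256 public constant MIN_STAKE_AMOUNT = 0.01 ether;

    // Recorded stake per beneficiary.
    mapping(address => uint256) public usersToStakes;

    // Pattern described in the finding: plain assignment replaces the record.
    // The contract keeps every deposit, but the beneficiary's recorded stake
    // becomes whatever the latest caller sent, so the earlier amount can no
    // longer be claimed through the ledger.
    function stakeOverwriting(address _onBehalfOf) external payable {
        require(msg.value >= MIN_STAKE_AMOUNT, "below minimum");
        usersToStakes[_onBehalfOf] = msg.value; // previous balance discarded
    }

    // Hardened pattern: add the deposit to the existing record, so a stake
    // made on someone's behalf can only increase their recorded balance.
    function stake(address _onBehalfOf) external payable {
        require(msg.value >= MIN_STAKE_AMOUNT, "below minimum");
        usersToStakes[_onBehalfOf] += msg.value; // checked addition in 0.8.x
    }
}
```

A regression test for this class of bug should stake twice for the same beneficiary from two different callers and assert that the recorded stake equals the sum of both deposits.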
Manual review and test
Change the code in line 73 with the following:
function test_evmn_stake_stake() public {
// Deal 10 eth to ALICE
deal(ALICE, 10 ether);