Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: high
Invalid

Lack of Token Whitelisting on tillIn

Summary

There is no mechanism to ensure that only whitelisted tokens are accepted in the tillIn function. An attacker could exploit this by depositing non-whitelisted or malicious tokens.

Vulnerability Details

An attacker could till in a malicious token, potentially disrupting the capital pool's operations or introducing vulnerabilities in the ecosystem if the malicious token has adverse effects.

Impact

The presence of non-whitelisted tokens could lead to issues in token accounting, market manipulation, or contract malfunction.

Tools Used

Manual review

CODE SNIPPET

    function tillIn(
        address accountAddress,
        address tokenAddress,
        uint256 amount,
        bool isPointToken
    ) external payable;

Recommendations

Implement a check in the tillIn function to verify if the token is whitelisted before accepting the transaction.

    // Custom error raised by the whitelist check below
    error TokenIsNotWhiteListed(address tokenAddress);

    function tillIn(
        address accountAddress,
        address tokenAddress,
        uint256 amount,
        bool isPointToken
    ) external payable {
        // Reject any token that is not on the whitelist
        if (!isTokenWhitelisted(tokenAddress)) {
            revert TokenIsNotWhiteListed(tokenAddress);
        }
        // function logic
    }

    function isTokenWhitelisted(address tokenAddress) internal view returns (bool) {
        // check if token is whitelisted
    }

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
