User could withdraw their available via token manager until capital Pool has balance.
Summary
TokenManager has withdraw function, that does not reset the claimAbleAmount after withdraw, so malicious user could withdraw several times if capital pool has balance.
Vulnerability Details
In the above code, the protocol does not reset userTokenBalanceMap value after success to send.
Impact
The malicious user could withdraw several times if capital pool has balance.
Tools Used
Manual Review
Recommendations
We need reset userTokenBalanceMap value after withdraw success.
Lead Judging Commences
finding-TokenManager-withdraw-userTokenBalanceMap-not-reset
Valid critical severity finding, the lack of clearance of the `userTokenBalanceMap` mapping allows complete draining of the CapitalPool contract. Note: This would require the approval issues highlighted in other issues to be fixed first (i.e. wrong approval address within `_transfer` and lack of approvals within `_safe_transfer_from` during ERC20 withdrawals)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.