Tadle
DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Missing Verification Before Triggering Withdrawal Call

Summary

The withdrawal function lacks necessary verifications, which can lead to unexpected behavior.

Vulnerability Details

When the withdraw function is called, some critical verifications are missing before initiating the transfer:

    function withdraw(
        address _tokenAddress,
        TokenBalanceType _tokenBalanceType
    ) external whenNotPaused {
        uint256 claimAbleAmount = userTokenBalanceMap[_msgSender()][
            _tokenAddress
        ][_tokenBalanceType];
        if (claimAbleAmount == 0) {
            return;
        }
        address capitalPoolAddr = tadleFactory.relatedContracts(
            RelatedContractLibraries.CAPITAL_POOL
        );

The function does not check if the capitalPoolAddr is deployed or if it has sufficient funds before executing the transfer. This oversight can result in unexpected behavior and make it challenging to identify the source of the error.
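
The two conditions named above, written as explicit pre-transfer checks that each revert with their own error. This is an added example, not Tadle's code or the submitter's patch; the contract, interface, function and error names are hypothetical (only the name ContractIsNotDeployed is borrowed from this report), and it assumes the withdrawn asset is an ERC-20 token held by the capital pool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is an assumption, not Tadle's code.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
}

contract WithdrawPreflight {
    // Registry lookup returned the zero address (entry never set).
    error ContractIsNotDeployed();
    // Address is non-zero but holds no bytecode.
    error NoCodeAtAddress(address target);
    // Pool holds less of the token than the user is owed.
    error InsufficientPoolBalance(uint256 available, uint256 required);

    /// @notice Reverts with a specific error when a withdrawal of `amount`
    ///         of `token` out of `capitalPool` could not succeed.
    /// @dev    `code.length` is 0 while the target's constructor is still
    ///         running, so this is a deployment check, not an identity check.
    function checkWithdrawable(
        address capitalPool,
        address token,
        uint256 amount
    ) public view {
        // 1. Unset registry entry.
        if (capitalPool == address(0)) revert ContractIsNotDeployed();

        // 2. Non-zero address that was never deployed (or self-destructed).
        if (capitalPool.code.length == 0) revert NoCodeAtAddress(capitalPool);
        if (token.code.length == 0) revert NoCodeAtAddress(token);

        // 3. Pool balance must cover the claimable amount.
        uint256 available = IERC20Minimal(token).balanceOf(capitalPool);
        if (available < amount) {
            revert InsufficientPoolBalance(available, amount);
        }
    }
}
```

Distinct errors per condition address the debugging concern raised here: the revert data identifies which precondition failed instead of surfacing a generic transfer failure.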

Impact

Failure to verify these conditions can lead to unexpected behavior and make debugging difficult.

Tools Used

Manual Review

Recommendations

Add the following verifications to ensure proper checks before proceeding with the withdrawal:

function withdraw(
address _tokenAddress,
TokenBalanceType _tokenBalanceType
) external whenNotPaused {
uint256 claimAbleAmount = userTokenBalanceMap[_msgSender()][
_tokenAddress
][_tokenBalanceType];
if (claimAbleAmount == 0) {
return;
}
address capitalPoolAddr = tadleFactory.relatedContracts(
RelatedContractLibraries.CAPITAL_POOL
);
+ if (capitalPoolAddr == address(0x0)) {
+ revert Errors.ContractIsNotDeployed();
+ }
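
Review bot: the added `capitalPoolAddr == address(0x0)` check only catches an unset registry entry, so a non-zero address with no contract code still passes and the revert name `ContractIsNotDeployed` overstates what is verified. If deployment is what must be guaranteed, also test `capitalPoolAddr.code.length == 0`. The hunk adds nothing for the insufficient-funds case that the finding also raises, and it does not show where `Errors.ContractIsNotDeployed` is declared, so confirm that error exists in the `Errors` library before relying on it.
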
Updates

Lead Judging Commences

0xnevi Lead Judge
11 months ago
0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
