Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Valid

Withdraw `event` is emitted in internal `_withdraw()` function instead of external `withdraw()` function

Summary

The `Withdraw` event is emitted in the internal `_withdraw()` function instead of the external `withdraw()` function.

Vulnerability Details

When a user withdraws tokens through `PriorityPool::withdraw()`, the function calls the internal `_withdraw()`, which emits the `Withdraw` event. The problem is that the event is emitted in the internal `_withdraw()` instead of the main `withdraw()`:

```solidity
function withdraw(
    uint256 _amountToWithdraw,
    uint256 _amount,
    uint256 _sharesAmount,
    bytes32[] calldata _merkleProof,
    bool _shouldUnqueue,
    bool _shouldQueueWithdrawal
) external {
    ....
    // attempt to withdraw if tokens remain after unqueueing
    if (toWithdraw != 0) {
        IERC20Upgradeable(address(stakingPool)).safeTransferFrom(
            account,
            address(this),
            toWithdraw
        );
@>      toWithdraw = _withdraw(account, toWithdraw, _shouldQueueWithdrawal);
    }
    token.safeTransfer(account, _amountToWithdraw - toWithdraw);
}

function _withdraw(
    address _account,
    uint256 _amount,
    bool _shouldQueueWithdrawal
) internal returns (uint256) {
    ....
@>  emit Withdraw(_account, _amount - toWithdraw);
    return toWithdraw;
}
```

Impact

An event with the wrong withdrawal amount will be emitted, because `_withdraw()` only withdraws a subset of the total withdrawal amount.

Tools Used

Manual Review

Recommendations

Emit the `Withdraw` event in the main `withdraw()` function.
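A minimal sketch of this recommendation, added here as an illustration and not taken from the Stakelink code base: the contract name, the mapping-based balances, the `seed` helper and the unqueue arithmetic (elided in the excerpt above) are assumptions. The single `emit` sits in the external function and reports the same value that is paid out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not Stakelink code. Balances are plain mappings so the
// sketch compiles on its own; the queue and pool bookkeeping are assumptions.
contract WithdrawEventSketch {
    event Withdraw(address indexed account, uint256 amount);

    mapping(address => uint256) public queued;  // tokens still waiting in the queue (assumed)
    mapping(address => uint256) public staked;  // tokens already staked (assumed)
    mapping(address => uint256) public paidOut; // stands in for token.safeTransfer
    uint256 public availableLiquidity;          // what can be paid immediately (assumed)

    // Test-only helper to set up a scenario.
    function seed(address account, uint256 q, uint256 s, uint256 liquidity) external {
        queued[account] = q;
        staked[account] = s;
        availableLiquidity = liquidity;
    }

    function withdraw(uint256 amountToWithdraw, bool shouldUnqueue) external {
        address account = msg.sender;
        uint256 toWithdraw = amountToWithdraw;
        // Step 1: take from the caller's queued tokens first.
        if (shouldUnqueue) {
            uint256 unqueued = queued[account] < toWithdraw ? queued[account] : toWithdraw;
            queued[account] -= unqueued;
            toWithdraw -= unqueued;
        }
        // Step 2: withdraw what remains; the return value is the unfilled part.
        if (toWithdraw != 0) {
            toWithdraw = _withdraw(account, toWithdraw);
        }
        uint256 sent = amountToWithdraw - toWithdraw;
        paidOut[account] += sent;
        // Single emit, using the same value that is transferred to the caller.
        emit Withdraw(account, sent);
    }

    // No emit here: this function only sees the post-unqueue remainder.
    function _withdraw(address account, uint256 amount) internal returns (uint256 unfilled) {
        uint256 filled = amount < availableLiquidity ? amount : availableLiquidity;
        if (filled > staked[account]) filled = staked[account];
        staked[account] -= filled;
        availableLiquidity -= filled;
        return amount - filled;
    }
}
```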

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong value emitted in PriorityPool::withdraw event
