Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Valid

`Withdraw` event is emitted in internal `_withdraw()` function instead of external `withdraw()` function

Summary

The `Withdraw` event is emitted in the internal `_withdraw()` function instead of the external `withdraw()` function.

Vulnerability Details

When a user withdraws their tokens using `PriorityPool::withdraw()`, it calls the internal function `_withdraw()`, which emits the `Withdraw` event. The problem is that the `Withdraw` event is emitted in the internal `_withdraw()` instead of the main `withdraw()`:

```solidity
    function withdraw(
        uint256 _amountToWithdraw,
        uint256 _amount,
        uint256 _sharesAmount,
        bytes32[] calldata _merkleProof,
        bool _shouldUnqueue,
        bool _shouldQueueWithdrawal
    ) external {
        ....
        // attempt to withdraw if tokens remain after unqueueing
        if (toWithdraw != 0) {
            IERC20Upgradeable(address(stakingPool)).safeTransferFrom(
                account,
                address(this),
                toWithdraw
            );
@>          toWithdraw = _withdraw(account, toWithdraw, _shouldQueueWithdrawal);
        }
        token.safeTransfer(account, _amountToWithdraw - toWithdraw);
    }

    function _withdraw(
        address _account,
        uint256 _amount,
        bool _shouldQueueWithdrawal
    ) internal returns (uint256) {
        ....
@>      emit Withdraw(_account, _amount - toWithdraw);
        return toWithdraw;
    }
```

Impact

An event with the wrong withdrawal amount will be emitted, because `_withdraw()` only withdraws a subset of the total withdrawal amount.

Tools Used

Manual Review

Recommendations

Emit the `Withdraw` event in the main `withdraw()` function.
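The following is an added example, not part of the submission or the project's code: a simplified Solidity model of the accounting above, with the reported emission pattern next to the recommended one. The contract name, `queuedTokens`, `poolLiquidity`, `_unqueue`, the `_emitHere` flag and both external function names are hypothetical, and the unqueueing step is an assumption based on the "after unqueueing" comment in the excerpt.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed model: no tokens or Merkle proofs, only the accounting that
// decides which amount the Withdraw event reports.
contract WithdrawEventModel {
    event Withdraw(address indexed account, uint256 amount);

    mapping(address => uint256) public queuedTokens; // hypothetical: can be unqueued
    uint256 public poolLiquidity; // hypothetical: withdrawable right now

    constructor(uint256 _queued, uint256 _liquidity) {
        queuedTokens[msg.sender] = _queued;
        poolLiquidity = _liquidity;
    }

    // Pattern from the finding: the internal helper emits the event, so the
    // amount covered by unqueueing never appears in it.
    function withdrawAsReported(uint256 _amountToWithdraw) external returns (uint256 paidOut) {
        uint256 toWithdraw = _amountToWithdraw - _unqueue(msg.sender, _amountToWithdraw);
        if (toWithdraw != 0) toWithdraw = _withdraw(msg.sender, toWithdraw, true);
        paidOut = _amountToWithdraw - toWithdraw;
    }

    // Recommended pattern: emit once in the external function, using the same
    // expression that determines the payout.
    function withdrawFixed(uint256 _amountToWithdraw) external returns (uint256 paidOut) {
        uint256 toWithdraw = _amountToWithdraw - _unqueue(msg.sender, _amountToWithdraw);
        if (toWithdraw != 0) toWithdraw = _withdraw(msg.sender, toWithdraw, false);
        paidOut = _amountToWithdraw - toWithdraw;
        emit Withdraw(msg.sender, paidOut);
    }

    function _unqueue(address _account, uint256 _amount) internal returns (uint256 unqueued) {
        uint256 queued = queuedTokens[_account];
        unqueued = _amount < queued ? _amount : queued;
        queuedTokens[_account] = queued - unqueued;
    }

    // Returns the part of _amount that could not be withdrawn.
    function _withdraw(address _account, uint256 _amount, bool _emitHere) internal returns (uint256 toWithdraw) {
        uint256 served = _amount < poolLiquidity ? _amount : poolLiquidity;
        poolLiquidity -= served;
        toWithdraw = _amount - served;
        if (_emitHere) emit Withdraw(_account, _amount - toWithdraw);
    }
}
```

Off-chain consumers that total `Withdraw` events to reconcile balances would undercount in the first variant whenever part of the request is satisfied by unqueueing.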

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong value emitted in PriorityPool::withdraw event
