Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

Unchecked Return Value in StakingPool

Summary

An unchecked return value vulnerability was found in contracts/core/StakingPool.sol (Lines 585-590 and 592). The return value of transferAndCallFrom is not checked, which may cause undetected transfer failures and improper fee handling.

Vulnerability Details

In the loop, transferAndCallFrom is called to transfer fees, but its return value is not checked. This can lead to undetected transfer failures, resulting in loss of funds or incorrect accounting of fees.

Impact

Failed transfers could go unnoticed, potentially causing fund misallocation and inconsistencies in fee payments.

Tools Used

  • VS (Manual code review)

Recommendations

Add a require statement to ensure the success of each transfer. Here's the corrected code:

    for (uint256 i = 0; i < receivers.length; i++) {
        for (uint256 j = 0; j < receivers[i].length; j++) {
            if (feesPaidCount == totalFeeCount - 1) {
                // Last fee payment: send the contract's entire remaining balance
                require(
                    transferAndCallFrom(
                        address(this),
                        receivers[i][j],
                        balanceOf(address(this)),
                        "0x"
                    ),
                    "Transfer failed"
                );
            } else {
                // Regular fee payment: send the amount computed for this receiver
                require(
                    transferAndCallFrom(address(this), receivers[i][j], feeAmounts[i][j], "0x"),
                    "Transfer failed"
                );
                feesPaidCount++;
            }
        }
    }

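The pattern this submission describes, shown as an added example that is not part of the original submission or the project's code: a fee loop that discards a boolean return value next to one that enforces it. The contracts FalseOnFailToken and FeeDistributor and all their functions are hypothetical, and the token is assumed to signal failure by returning false rather than reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Constructed example: hypothetical token that reports a failed transfer
// by returning false instead of reverting.
contract FalseOnFailToken {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) public returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // silent failure
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical fee distributor that holds tokens and pays a list of receivers.
contract FeeDistributor {
    FalseOnFailToken public immutable token;
    uint256 public feesPaidCount;

    constructor(FalseOnFailToken _token) {
        token = _token;
    }

    // Return value discarded: a failed payment is still counted as paid.
    function payUnchecked(address[] calldata receivers, uint256[] calldata amounts) external {
        for (uint256 i = 0; i < receivers.length; i++) {
            token.transfer(receivers[i], amounts[i]);
            feesPaidCount++;
        }
    }

    // Return value enforced: one failed payment reverts the whole batch,
    // so feesPaidCount never diverges from what was actually transferred.
    function payChecked(address[] calldata receivers, uint256[] calldata amounts) external {
        for (uint256 i = 0; i < receivers.length; i++) {
            require(token.transfer(receivers[i], amounts[i]), "Transfer failed");
            feesPaidCount++;
        }
    }
}
```

The two functions only behave differently when the callee can actually return false; if the called function reverts on every failure path, the added require never fires. Checking which of the two the callee does is the first step when triaging a finding of this kind.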
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
