Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Wrong error message in setRewardsReceiver()::OperatorVault.sol

0xziin

Summary

Wrong error message in setRewardsReceiver()::OperatorVault.sol line 263.

https://github.com/Cyfrin/2024-09-stakelink/blob/main/contracts/linkStaking/OperatorVault.sol#L263

Vulnerability Details

function setRewardsReceiver(address _rewardsReceiver) public {
if (rewardsReceiver != address(0) && msg.sender != rewardsReceiver)
revert OnlyRewardsReceiver();
if (rewardsReceiver == address(0) && msg.sender != owner())
revert OnlyRewardsReceiver();
if (_rewardsReceiver == address(0)) revert ZeroAddress();
rewardsReceiver = _rewardsReceiver;
emit SetRewardsReceiver(_rewardsReceiver);
}

==> error OnlyRewardsReceiver() was already processed at Line 261 to 262.

if (rewardsReceiver == address(0) && msg.sender != owner()) revert OnlyRewardsReceiver();

It should be revert OnlyOnwer(); and not OnlyRewardsReceiver().

Impact

Error messages are there to lead the end user and/or the off chain Dapp connected to the smart contract.
A wrong error message could mislead the end user trying to figure out why his transaction failed.
The off chain Dapps used by the users will also be impacted if they give back to the users the nature of the error message or take any action regarding this specific error message being wrong.

Tools Used

Github, Manual review.

Recommendations

Replace at line 263 :

if (rewardsReceiver == address(0) && msg.sender != owner()) revert OnlyRewardsReceiver();

=> with revert OnlyOnwer(); and not OnlyRewardsReceiver().

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.