Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Invalid

Missing Validation for Deposits with Non-Whitelisted Tokens

[HIGH-1] Missing Validation for Deposits with Non-Whitelisted Tokens

Severity: High

Description:
The contract does not adequately check whether the token being deposited is part of the whitelisted tokens. Although deposits of non-whitelisted tokens will revert as expected, the lack of explicit validation could lead to unclear error messages or unexpected behavior if the contract is modified in the future.

Impact:
Users may unintentionally deposit unsupported tokens, resulting in wasted gas fees and confusion due to unclear revert messages.

Proof of Concept:
The following test demonstrates that deposits with unsupported tokens revert, but the revert reason is not clearly defined:

    function test_deposit_non_whitelisted_token() public {
        ERC20Mock usdt = new ERC20Mock();
        usdt.mint(user1, 1e19);
        vm.startPrank(user1);
        usdt.approve(address(cd), type(uint256).max);
        vm.expectRevert(); // Deposit should fail, but no clear revert reason is provided
        cd.deposit(address(usdt), 1e18);
        vm.stopPrank();
    }

Recommended Mitigation:
Explicitly validate deposits to ensure only whitelisted tokens are accepted, with a clear revert reason:

    require(
        token == wbtc || token == weth || token == usdc,
        "Unsupported token"
    );

Updates

Lead Judging Commences

0xtimefliez Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
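
Added example, not part of the submission or the contest code: a Foundry test that pins the exact revert reason instead of using a bare vm.expectRevert(), which passes on any revert at all. WhitelistVault, TokenStub and the UnsupportedToken error are hypothetical names constructed for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed minimal token stub (hypothetical); just enough for deposit() to pull funds.
contract TokenStub {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address spender, uint256 amt) external { allowance[msg.sender][spender] = amt; }
    function transferFrom(address from, address to, uint256 amt) external {
        allowance[from][msg.sender] -= amt; // checked math reverts if not approved
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
    }
}

// Hypothetical deposit contract: the whitelist is checked before any token call.
contract WhitelistVault {
    error UnsupportedToken(address token);
    mapping(address => bool) public whitelisted;
    constructor(address[] memory tokens) {
        for (uint256 i = 0; i < tokens.length; ++i) whitelisted[tokens[i]] = true;
    }
    function deposit(address token, uint256 amt) external {
        if (!whitelisted[token]) revert UnsupportedToken(token);
        TokenStub(token).transferFrom(msg.sender, address(this), amt);
    }
}

contract WhitelistVaultTest is Test {
    function test_deposit_reverts_with_pinned_reason() public {
        TokenStub weth = new TokenStub();
        TokenStub usdt = new TokenStub(); // never whitelisted
        address[] memory allowed = new address[](1);
        allowed[0] = address(weth);
        WhitelistVault vault = new WhitelistVault(allowed);
        address user1 = makeAddr("user1");
        weth.mint(user1, 1e19);
        vm.startPrank(user1);
        weth.approve(address(vault), type(uint256).max);
        // Passes only if the revert data is exactly UnsupportedToken(usdt).
        vm.expectRevert(abi.encodeWithSelector(WhitelistVault.UnsupportedToken.selector, address(usdt)));
        vault.deposit(address(usdt), 1e18);
        vault.deposit(address(weth), 1e18); // whitelisted token is still accepted
        assertEq(weth.balanceOf(address(vault)), 1e18);
        vm.stopPrank();
    }
}
```

If the whitelist check were removed, the usdt deposit would still revert inside transferFrom, so a bare vm.expectRevert() would keep passing while this test fails on the mismatched revert data.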
