Open code423n4 opened 2 years ago
hubble
Since there is an option for the promoter to provide an alternate address while issuing cancelPromotion apart from the creator(promoter address) It is good to track the _to address where the remainingRewards are sent on cancelPromotion
contract : TwabRewards line 50 : event PromotionCancelled(uint256 indexed promotionId, uint256 amount);
function : cancelPromotion(uint256 _promotionId, address _to) line 135 : emit PromotionCancelled(_promotionId, _remainingRewards);
Manual review
Add the 'to address' in the event, as below
line 50 : event PromotionCancelled(uint256 indexed promotionId, address to, uint256 amount);
function : cancelPromotion(uint256 _promotionId, address _to) line 135 : emit PromotionCancelled(_promotionId, _to, _remainingRewards);
Handle
hubble
Vulnerability details
Impact
Since there is an option for the promoter to provide an alternate address while issuing cancelPromotion apart from the creator(promoter address) It is good to track the _to address where the remainingRewards are sent on cancelPromotion
Proof of Concept
contract : TwabRewards line 50 : event PromotionCancelled(uint256 indexed promotionId, uint256 amount);
function : cancelPromotion(uint256 _promotionId, address _to) line 135 : emit PromotionCancelled(_promotionId, _remainingRewards);
Tools Used
Manual review
Recommended Mitigation Steps
Add the 'to address' in the event, as below
line 50 : event PromotionCancelled(uint256 indexed promotionId, address to, uint256 amount);
function : cancelPromotion(uint256 _promotionId, address _to) line 135 : emit PromotionCancelled(_promotionId, _to, _remainingRewards);