jack-the-pug
commented
2 years ago It won't necessarily be so if sherDistributionManager is another implementation.
Closed code423n4 closed 2 years ago
jack-the-pug
commented
2 years ago It won't necessarily be so if sherDistributionManager is another implementation.
Handle
pedroais
Vulnerability details
Impact
Useless check wastes gas
Proof of Concept
https://github.com/code-423n4/2022-01-sherlock/blob/c763f10c4b5fe2127677d6c25b83adcf3bcec212/contracts/Sherlock.sol#L430
In Sherlock.sol the _stake function transfers a _sher amount of rewards to the staker and then checks if balance-amount = _sher. There is no way this will be false since _sher isn't a fee on transfer token and the transfer is a safeTransfer
The _sher amount will always be equal to the transferred amount : https://github.com/code-423n4/2022-01-sherlock/blob/c763f10c4b5fe2127677d6c25b83adcf3bcec212/contracts/managers/SherDistributionManager.sol#L80
Recommended Mitigation Steps
Remove this code : uint256 actualAmount = sher.balanceOf(address(this)) - before; if (actualAmount != _sher) revert InvalidSherAmount(_sher, actualAmount);