code-423n4 / 2022-02-concur-findings


missing check on claimed token #232

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/Shelter.sol#L52

Vulnerability details

Impact

The withdraw() can be used by a user to claim a token; however, this function didn't check whether the user had already claimed or not, therefore setting claimed[_token][_to] = true; is useless, and therefore the user can claim multiple times, till the contract is drained.

Proof of Concept

https://github.com/code-423n4/2022-02-concur/blob/main/contracts/Shelter.sol#L52
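The defect pattern described in the finding, written out as an added illustration rather than the Concur Shelter.sol code itself: a simplified, hypothetical shelter contract in which a "claimed" flag is written but never enforced, next to the hardened version that reads the flag, sets it before the token transfer, and zeroes the recorded share. The IERC20 interface, the ShelterBase/ShelterVulnerable/ShelterFixed names, the deposit() helper, and the choice to key the flag on msg.sender (the finding's mapping is keyed on _to) are all assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface used by the example; declared inline so the file compiles on its own.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical, simplified stand-in for a shelter contract; this is NOT Concur's Shelter.sol.
// Users deposit a token, and each user is meant to withdraw their share exactly once.
abstract contract ShelterBase {
    // token => user => amount owed
    mapping(address => mapping(address => uint256)) public shares;
    // token => user => whether the one-time withdrawal was already taken
    mapping(address => mapping(address => bool)) public claimed;

    function deposit(address _token, uint256 _amount) external {
        require(IERC20(_token).transferFrom(msg.sender, address(this), _amount), "transferFrom failed");
        shares[_token][msg.sender] += _amount;
    }

    function withdraw(address _token, address _to) external virtual;
}

// Pattern from the finding: `claimed` is written but never read, so the flag is dead state.
// The same caller can invoke withdraw() repeatedly; each call pays out the full share again
// until the contract's balance of `_token` is exhausted.
contract ShelterVulnerable is ShelterBase {
    function withdraw(address _token, address _to) external override {
        uint256 amount = shares[_token][msg.sender];
        claimed[_token][msg.sender] = true; // recorded, but nothing enforces it
        require(IERC20(_token).transfer(_to, amount), "transfer failed");
    }
}

// Hardened version: the flag is checked before any payout and set before the external
// token call (checks-effects-interactions), so a second call reverts. Zeroing the share
// as well means the function stays safe even if the flag were ever reset by mistake.
contract ShelterFixed is ShelterBase {
    function withdraw(address _token, address _to) external override {
        require(!claimed[_token][msg.sender], "already claimed");
        uint256 amount = shares[_token][msg.sender];
        require(amount > 0, "nothing to claim");

        claimed[_token][msg.sender] = true;
        shares[_token][msg.sender] = 0;

        require(IERC20(_token).transfer(_to, amount), "transfer failed");
    }
}
```

A cheap review check that would have caught this class of bug: for every storage flag that is written to mark an action as done (claimed, executed, redeemed), confirm there is a require or modifier that reads it on the path that performs the action, and that the write happens before any external call rather than after it.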

r2moon commented 2 years ago

https://github.com/code-423n4/2022-02-concur-findings/issues/246

GalloDaSballo commented 2 years ago

Duplicate of #246