Open code423n4 opened 2 years ago
Because I'm judging the contest, I am forfeiting any warden winnings.
The sponsor confirms, and I believe this to be medium severity as it is contingent on a malicious owner. Adding the extra check removes the rug vector.
Lines of code
https://github.com/code-423n4/2022-02-concur/blob/main/contracts/StakingRewards.sol#L166
Vulnerability details
Impact
StakingRewards.recoverERC20 rightfully checks against the stakingToken being swept away. However, there's no check against the rewardsToken, which over time will sit in this contract. This is the case of an admin privilege, which allows the owner to sweep the rewards tokens, perhaps as a way to rug depositors.
Proof of Concept
Calling StakingRewards.recoverERC20(rewardsToken, rewardsToken.balanceOf(this)) enables the owner to sweep the token.
Recommended Mitigation Steps
Add an additional check
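The unprotected shape described in the Proof of Concept and the mitigated version side by side, as an added illustration rather than the Concur contract's own code; the contract skeleton, the minimal IERC20 interface, the owner handling and the event are assumptions, and only the stakingToken, rewardsToken and recoverERC20 names come from the finding:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed for this example (assumption; the real
// contract would typically use SafeERC20).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical, trimmed-down StakingRewards used only to show the sweep check.
// Names stakingToken, rewardsToken and recoverERC20 follow the finding;
// everything else is an assumption, not the Concur code.
contract StakingRewardsRecoverExample {
    IERC20 public immutable stakingToken;
    IERC20 public immutable rewardsToken;
    address public owner;

    event Recovered(address token, uint256 amount);

    constructor(IERC20 _stakingToken, IERC20 _rewardsToken) {
        stakingToken = _stakingToken;
        rewardsToken = _rewardsToken;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // BEFORE (shape of the finding): only the staking token is protected, so
    // recoverERC20Unsafe(address(rewardsToken), rewardsToken.balanceOf(address(this)))
    // hands every undistributed reward to the owner.
    function recoverERC20Unsafe(address tokenAddress, uint256 tokenAmount) external onlyOwner {
        require(tokenAddress != address(stakingToken), "Cannot withdraw the staking token");
        require(IERC20(tokenAddress).transfer(owner, tokenAmount), "transfer failed");
        emit Recovered(tokenAddress, tokenAmount);
    }

    // AFTER (recommended mitigation): the rewards token gets the same protection,
    // so the owner can only rescue tokens that were sent here by mistake.
    function recoverERC20(address tokenAddress, uint256 tokenAmount) external onlyOwner {
        require(tokenAddress != address(stakingToken), "Cannot withdraw the staking token");
        require(tokenAddress != address(rewardsToken), "Cannot withdraw the rewards token");
        require(IERC20(tokenAddress).transfer(owner, tokenAmount), "transfer failed");
        emit Recovered(tokenAddress, tokenAmount);
    }
}
```

With the second require in place, the call from the Proof of Concept reverts instead of draining the rewards balance, while recovery of unrelated tokens sent to the contract by mistake still works.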