code-423n4 / 2023-06-stader-findings


Tokens can be lost when trying to deposit in SDCollateral.depositSDAsCollateral() or trying to withdraw SDCollateral.withdraw() #380

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SDCollateral.sol#L47-L49

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SDCollateral.sol#L68-L70

Vulnerability details

Impact

Some tokens do not return the success of the token submission. Since we don’t know for sure how the SD token is implemented, we need to take this into account.

Proof of Concept

A detailed example is listed in: https://github.com/d-xo/weird-erc20#missing-return-value

Tools Used

Manual audit

Recommended Mitigation Steps

Use safeTransfer from the OpenZeppelin library

Assessed type

Token-Transfer
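The two call styles this report contrasts, as an added example that is not code from the Stader repository or from the report's author. `NoReturnToken` and `CollateralVault` are hypothetical names, and the token is a constructed stand-in for the "missing return value" class described in weird-erc20, not the SD token, whose implementation is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token: transferFrom moves balances but returns nothing.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1e24; }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    function transferFrom(address from, address to, uint256 amount) external {
        allowance[from][msg.sender] -= amount; // 0.8.x reverts on underflow
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

// Hypothetical vault (assumption, not SDCollateral) with both deposit styles.
contract CollateralVault {
    IERC20 public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC20 _token) { token = _token; }

    // Boolean-checked high-level call. Against NoReturnToken the ABI decoder
    // sees empty return data and reverts, so the whole deposit rolls back.
    function depositChecked(uint256 amount) external {
        deposited[msg.sender] += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // safeTransferFrom-style low-level call: empty return data counts as
    // success, a returned `false` or a revert in the token counts as failure.
    function depositSafe(uint256 amount) external {
        require(address(token).code.length > 0, "not a contract");
        deposited[msg.sender] += amount;
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, msg.sender, address(this), amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}
```

With a token that returns `bool`, both functions behave the same; they differ only for a token that returns no data, where `depositChecked` always reverts and `depositSafe` succeeds.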

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes marked the issue as primary issue

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid

c4-judge commented 1 year ago

Picodes marked the issue as nullified

c4-judge commented 1 year ago

Picodes marked the issue as not nullified

manoj9april commented 1 year ago

SD transfers are boolean checked.

c4-sponsor commented 1 year ago

manoj9april marked the issue as sponsor disputed

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid