code-423n4 / 2023-10-canto-findings


`LiquidityMining.sol` cannot be `funded` for rewards distribution. #283

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L192-L195
https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L285-L289

Vulnerability details

During a rewards claim, LiquidityMining.sol uses a low-level call with the msg.value set to the rewardsToSend for the liquidity providers, but the contract lacks a receive() or fallback() function for funds to be deposited in it, leaving the contract empty and unable to send rewards to the liquidity providers when they try to claim them.

You can see this in claimConcentratedRewards():


    function claimConcentratedRewards(
        address payable owner,
        bytes32 poolIdx,
        int24 lowerTick,
        int24 upperTick,
        uint32[] memory weeksToClaim
    ) internal {
        // More code...
        if (rewardsToSend > 0) {
            (bool sent, ) = owner.call{value: rewardsToSend}("");
            require(sent, "Sending rewards failed");
        }
    }

You can see this in claimAmbientRewards():


    function claimAmbientRewards(
        address owner,
        bytes32 poolIdx,
        uint32[] memory weeksToClaim
    ) internal {
        // More code...
        if (rewardsToSend > 0) {
            (bool sent, ) = owner.call{value: rewardsToSend}("");
            require(sent, "Sending rewards failed");
        }
    }

Impact

Rewards cannot be sent out to liquidity providers, as there is no way for funds to be deposited in the contract that sends out rewards (LiquidityMining.sol).

Tools Used

Manual Review

Recommended Mitigation Steps

A receive() or fallback() function should be added to LiquidityMining.sol to enable funds to be deposited for reward distribution.

Assessed type

call/delegatecall

141345 commented 1 year ago

invalid

this contract is used through delegatecall
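To illustrate why the judge's point settles the question, here is an added example (not code from the Canto Ambient repository or from either commenter) showing how a contract that is only ever executed through delegatecall pays rewards out of the calling contract's ETH balance. The `RewardMixin` / `RewardEntry` names, the storage layout and the `credit` bookkeeping are assumptions made for this illustration; the only point it depends on is the EVM rule that under delegatecall `address(this)`, storage and the ETH balance all belong to the caller, so the receive() that funds the payouts belongs on the entry contract and not on the mixin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical mixin standing in for LiquidityMining.sol in this example.
// It has no receive(), never holds ETH of its own, and is only ever reached
// via delegatecall from RewardEntry below.
contract RewardMixin {
    // Storage slot 0; must match RewardEntry's layout because delegatecall
    // executes this code against the caller's storage.
    mapping(address => uint256) public owed;

    function claimRewards(address payable owner) external {
        uint256 rewardsToSend = owed[owner];
        owed[owner] = 0; // zero before the external call to avoid re-entrancy double-claims
        if (rewardsToSend > 0) {
            // Under delegatecall this spends RewardEntry's balance, not the
            // mixin's, so the mixin having no receive() is irrelevant.
            (bool sent, ) = owner.call{value: rewardsToSend}("");
            require(sent, "Sending rewards failed");
        }
    }
}

// Hypothetical entry contract standing in for the dex contract that pulls the
// mixin logic in. It owns the storage and the ETH.
contract RewardEntry {
    mapping(address => uint256) public owed; // same slot 0 as RewardMixin
    address public immutable mixin;          // immutables are not in storage
    address public immutable admin;

    constructor(address mixin_) {
        mixin = mixin_;
        admin = msg.sender;
    }

    // Funds deposited here are what the delegatecalled claimRewards() pays out.
    receive() external payable {}

    // Illustrative accrual of rewards; restricted so only the admin can credit.
    function credit(address lp, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        owed[lp] += amount;
    }

    function claim() external {
        (bool ok, bytes memory ret) = mixin.delegatecall(
            abi.encodeWithSelector(RewardMixin.claimRewards.selector, payable(msg.sender))
        );
        if (!ok) {
            // Bubble up the mixin's revert reason unchanged.
            assembly {
                revert(add(ret, 32), mload(ret))
            }
        }
    }
}
```

Deploy `RewardMixin`, then `RewardEntry` pointing at it, send ETH to `RewardEntry`, call `credit`, and have the credited address call `claim()`: the payout leaves `RewardEntry`'s balance while `RewardMixin`'s balance stays at zero throughout, which is why a missing receive() on the mixin is not by itself a funding bug. The check a reviewer should make instead is that the entry contract exposes a payable path and that the mixin's storage slots line up with it.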

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Invalid