Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/staking/Liquidity.sol#L131-L132
Vulnerability details
When a liquidity provider wants to withdraw his liquidity, the reclaimed tokens are transferred to the msg.sender.
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/staking/Liquidity.sol#L131-L132
The liquidity provider isn't able to specify the address at which he wants to receive the tokens, which can be a problem if, for example, he gets blacklisted while his tokens are in the pools. The transaction will then revert, and liquidity providers can fail to withdraw the assets that they deposited.
Impact
The LP cannot specify where he wants to receive his tokens, so if he gets blacklisted he will not be able to withdraw liquidity because the transfer would revert.
Proof of Concept
As you can see in _withdrawLiquidityAndClaim(), the reclaimed tokens are transferred to the msg.sender and there is no way to specify an address where to receive tokens.
Tools Used
Manual Review
Recommended Mitigation Steps
Allow the LP to specify an address where they want to receive their reclaimed assets.
Assessed type
Token-Transfer
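The recommended mitigation sketched as an added example, not code from the Salty.IO repository or from the report's author. BlacklistToken, SimplePool, deposit(), withdraw() and withdrawTo() are hypothetical names; the pool is reduced to one token so the fixed-recipient payout and the recipient-parameter payout sit side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed token with an issuer-controlled blacklist (hypothetical, for illustration only).
contract BlacklistToken {
    address public immutable issuer = msg.sender;
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public blacklisted;
    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }
    function setBlacklisted(address who, bool flag) external {
        require(msg.sender == issuer, "not issuer");
        blacklisted[who] = flag;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(!blacklisted[msg.sender] && !blacklisted[to], "blacklisted");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical single-token pool, not the Salty.IO Liquidity contract.
contract SimplePool {
    BlacklistToken public immutable token;
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    constructor(BlacklistToken token_) { token = token_; }

    // Simplified deposit: credits tokens that were transferred to the pool beforehand.
    function deposit() external {
        uint256 received = token.balanceOf(address(this)) - totalShares;
        shares[msg.sender] += received;
        totalShares += received;
    }

    // Pattern from the finding: payout fixed to msg.sender, so a blacklisted LP always reverts.
    function withdraw(uint256 amount) external { _payout(amount, msg.sender); }
    // Mitigation: shares are still debited from msg.sender, payout goes to a chosen address.
    function withdrawTo(uint256 amount, address recipient) external {
        require(recipient != address(0), "zero recipient");
        _payout(amount, recipient);
    }
    function _payout(uint256 amount, address to) private {
        shares[msg.sender] -= amount; // checked arithmetic reverts if amount > shares
        totalShares -= amount;
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

With an LP blacklisted after depositing, withdraw() reverts with "blacklisted" and leaves the shares untouched, while withdrawTo() with a non-blacklisted recipient completes and debits the LP's shares.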