Lines of code
https://github.com/code-423n4/2024-07-karak/blob/main/src/SlashingHandler.sol#L52
Vulnerability details
Impact
Proof of Concept
```solidity
function handleSlashing(IERC20 token, uint256 amount) external {
    if (amount == 0) revert ZeroAmount();
    if (!_config().supportedAssets[token]) revert UnsupportedAsset();
@>  SafeTransferLib.safeTransferFrom(address(token), msg.sender, address(this), amount);
    // Below is where custom logic for each asset lives
@>  SafeTransferLib.safeTransfer(address(token), address(0), amount);
}
```

For tokens that charge a fee on transfer, the safeTransferFrom call credits this contract with fewer than `amount` tokens. The safeTransfer call on the next line nevertheless sends the full `amount`, i.e. more than was actually received, which leads to accounting issues.
Tools Used
Recommended Mitigation Steps
It is recommended to read the contract's token balance before and after the transferFrom call, compute how many tokens were actually received, and send only that received amount.
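The balance-delta pattern described above, written out as an added example (not the Karak code and not the project's own tests). The SafeTransferLib calls from the finding are replaced by plain checked ERC20 calls so the example compiles without the library, and a constructed fee-on-transfer token (`FeeOnTransferToken`, burning 1% per transfer) is included so the behaviour can be exercised; `SlashingHandlerFixed`, its constructor and the `received` return value are illustrative names, not identifiers from the repository.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface needed below (not the project's IERC20).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Constructed fee-on-transfer token: burns 1% of every transfer, so the
/// recipient is credited with less than the nominal `amount`.
contract FeeOnTransferToken is IERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public constant FEE_BPS = 100; // 1% fee, burned on every transfer

    constructor(address holder, uint256 supply) {
        balanceOf[holder] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function _move(address from, address to, uint256 amount) internal {
        uint256 fee = (amount * FEE_BPS) / 10_000;
        balanceOf[from] -= amount;       // sender is debited the full amount
        balanceOf[to] += amount - fee;   // recipient gets amount minus the burned fee
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _move(msg.sender, to, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount;
        _move(from, to, amount);
        return true;
    }
}

/// Hardened handler (hypothetical): forwards only what actually arrived.
contract SlashingHandlerFixed {
    error ZeroAmount();
    error UnsupportedAsset();

    mapping(IERC20 => bool) public supportedAssets;

    constructor(IERC20[] memory assets) {
        for (uint256 i = 0; i < assets.length; i++) supportedAssets[assets[i]] = true;
    }

    function handleSlashing(IERC20 token, uint256 amount) external returns (uint256 received) {
        if (amount == 0) revert ZeroAmount();
        if (!supportedAssets[token]) revert UnsupportedAsset();

        // Measure the balance delta instead of trusting the nominal `amount`.
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        received = token.balanceOf(address(this)) - before;

        // Send exactly what was received, never more.
        require(token.transfer(address(0), received), "transfer failed");
    }
}
```

With the constructed token, a caller that approves and calls `handleSlashing(token, 1000)` leaves the handler holding 990, and the hardened version forwards 990; the original pattern would instead attempt to send 1000 out of a 990 balance. The delta measurement assumes the token does not hand control back to the handler during `transferFrom` (for example via transfer hooks), since a reentrant deposit in that window would be counted as part of this call's `received`.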
Assessed type
ERC20