Open hats-bug-reporter[bot] opened 1 week ago
Bit correction:
- function delegate(StakingAddress to, uint128 amount) public onlyOwner returns (uint64) {
+ function delegate(StakingAddress to) public payable onlyOwner returns (uint64) {
- require(amount < type(uint128).max, ">MaxUint128");
+ require(msg.value > 0 && msg.value < type(uint128).max, ">MaxUint128");
- require(amount > 0, "ZeroDelegate");
+ uint128 amount = uint128(msg.value);
uint64 receiptId = nextReceiptId++;
Subcall.consensusDelegate(to, amount, receiptId);
delegationReceipts[receiptId] = DelegationReceipt({
exists: true,
to: to,
blockNumber: block.number,
receiptTaken: false,
receiptTakenBlockNumber: 0,
shares: 0,
amount: amount
});
emit Delegate(to, amount, receiptId);
return receiptId;
}
delegate(StakingAddress to, uint128 amount)
delegates the amount
from minter contract to the StakingAddress
. No new tokens should be added via delegate
– they can be added via deposit
or direct transfer to the contract.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xcfbb1f68acaf08db07deb2d507a8e199c56d52b0a3fa4c3c03ed9efab16c1ef4 Severity: medium
Description: Description\
stROSEMinter.sol
hasdelegate()
function which can be accessed by contract owner to delegate the ROSE to staking address.delegate()
would increase delegation by sending an amount of ROSE to the contract address. As per OASIS documentation,A minimum 100 ROSE tokens would be able to delegate to staking address. The issue is that, the native ROSE token which is OASIS chains native token can be sent during
delegate()
function call asdelegate()
is not payable. To sendROSE
tokens to contract in order to succesful delegate,delegate()
should bepayable
.Impact\ This breaks contracts core functionality due to failure of sending native ROSE to contract inorder to further delegate to recipient address.
Recommendations\ Consider
delegate()
to be payable.