hats-finance / Fenix-Finance-0x83dbe5aa378f3ce160ed084daf85f621289fb92f


Users can still receive rebasing tokens even after claiming them. #39

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x71185daa4cbc7c30c1ae74b955681c6bab862a36c455aea97c020feb01b90fe0
Severity: high

Description

The `claim` function is used to claim rebasing tokens on behalf of the caller and transfers them to the specified recipient.

The function doesn't check that the recipient hasn't already claimed his rebasing tokens before claiming funds to his address. This allows a malicious recipient who has already received his rebasing tokens to request more tokens even though he has already gotten his rebased tokens. This will lead to a theft of the ERC20 rebasing tokens.

```solidity
function claim(address erc20Rebasing_, address recipient_, uint256 amount_) external virtual returns (uint256) {
    _checkAccessForManageBlastERC20Rebasing();

    return IERC20Rebasing(erc20Rebasing_).claim(recipient_, amount_);
}
```

https://github.com/Satsyxbt/Fenix-dex-v3/blob/652bfd4d1035c3d63af14522baa611e3d22d963f/src/core/contracts/base/BlastERC20RebasingManage.sol#L42

Recommendation

Let the function revert if the recipient has already received his rebasing tokens.

0xisaacc commented 4 months ago

Here's an example fix.

1. Create a bool called `claimed`:

```diff
+ // keyed by the token address (the type of erc20Rebasing_), then by recipient
+ mapping(address => mapping(address => bool)) public claimed;
```

2. Update the function with the necessary checks:

```diff
  function claim(address erc20Rebasing_, address recipient_, uint256 amount_) external virtual returns (uint256) {
      _checkAccessForManageBlastERC20Rebasing();
+     require(!claimed[erc20Rebasing_][recipient_], "already claimed");
+     claimed[erc20Rebasing_][recipient_] = true;
      return IERC20Rebasing(erc20Rebasing_).claim(recipient_, amount_);
  }
```

BohdanHrytsak commented 4 months ago

Thank you for the submission.

This functionality was developed with the expectation that it would be called only by a specific authorised address. It is not expected that it will be called in the name of an ordinary user to withdraw their share of rebase tokens.
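As an added illustration of the point made in this thread (example code, not from the Fenix repository or from any participant), a minimal mock of the Blast rebasing interface next to a manager contract shaped like `BlastERC20RebasingManage.claim()`. It assumes Blast's `claim(recipient, amount)` pays out yield accrued to the caller (here the manager contract), bounded by `getClaimableAmount(caller)`, and models the access check as a single authorised address; `MockRebasing`, `RebasingManager`, `accrue` and the `RebasingClaimed` event are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Blast's IERC20Rebasing used by the manager (assumed from the Blast docs).
interface IERC20Rebasing {
    function claim(address recipient, uint256 amount) external returns (uint256);
    function getClaimableAmount(address account) external view returns (uint256);
}

// Constructed mock: yield accrues per account and claim() pays out the CALLER's
// accrued yield (assumed Blast behaviour), never anything owned by the recipient.
contract MockRebasing is IERC20Rebasing {
    mapping(address => uint256) public claimable;
    mapping(address => uint256) public balanceOf;

    // Test helper: simulate yield accruing to `account`.
    function accrue(address account, uint256 amount) external { claimable[account] += amount; }

    function claim(address recipient, uint256 amount) external returns (uint256) {
        require(amount <= claimable[msg.sender], "exceeds claimable");
        claimable[msg.sender] -= amount;
        balanceOf[recipient] += amount;
        return amount;
    }

    function getClaimableAmount(address account) external view returns (uint256) {
        return claimable[account];
    }
}

// Manager in the shape of BlastERC20RebasingManage.claim(): the only funds it can move
// are the yield accrued to this contract, and only the authorised address may move them.
contract RebasingManager {
    address public immutable manager; // assumed: a single authorised address

    event RebasingClaimed(address indexed token, address indexed recipient, uint256 amount);

    constructor(address manager_) { manager = manager_; }

    function _checkAccessForManageBlastERC20Rebasing() internal view {
        require(msg.sender == manager, "not authorised");
    }

    function claim(address erc20Rebasing_, address recipient_, uint256 amount_) external returns (uint256) {
        _checkAccessForManageBlastERC20Rebasing();
        uint256 paid = IERC20Rebasing(erc20Rebasing_).claim(recipient_, amount_);
        emit RebasingClaimed(erc20Rebasing_, recipient_, paid); // on-chain trail for monitoring claims
        return paid;
    }
}
```

Under these assumed semantics a call from any address other than `manager` reverts, and a claim for more than `getClaimableAmount(address(managerContract))` reverts in the token itself, so the payout is bounded by the manager's own accrued yield and the access check rather than by a per-recipient flag; the emitted event gives operators a record of every claim to alert on.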