search

hats-finance / Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb

Fork of the Inverter Smart Contracts Repository
GNU Lesser General Public License v3.0
0 stars 3 forks source link

`FM_Rebasing_v1.sol::withdrawTo` is missing `validAddress` modifier #113

Open hats-bug-reporter[bot] opened 3 months ago

hats-bug-reporter[bot] commented 3 months ago

Github username: @erictee2802 Twitter username: 0xEricTee Submission hash (on-chain): 0x54752d303f63a65e2a551c70ddd2b5c1120a7040375db355ac7d5d912ed22f0f Severity: low

Description: Description\

In FM_Rebasing_v1.sol::transferOrchestratorToken:

function transferOrchestratorToken(address to, uint amount)
        external
        onlyOrchestrator
        validAddress(to)
    {
        _transferOrchestratorToken(to, amount);
    }

Notice that the modifier validAddress is implemented to prevent Orchestrator from sending token to address(0) or address(this).

However in the following function in FM_Rebasing_v1.sol::

    function withdrawTo(address to, uint amount) external {
        _withdraw(_msgSender(), to, amount);
    }

The functions above is missing validAddress modifier. As a result, tokens can be mistakenly sent to address(0) or address(this) which will impact and shrink the DEPOSIT_CAP.

Attack Scenario\

tokens can be mistakenly sent to address(0) or address(this) which will impact and shrink the DEPOSIT_CAP.

Attachments

NA

  1. Proof of Concept (PoC) File

Manual analysis

  1. Revised Code File (Optional)
    • Consider adding the validAddress modifier to FM_Rebasing_v1.sol::withdrawTo function.
FHieser commented 3 months ago

The withdraw is sending the collateral token and not the Elastic Token part, so should be invalid. Also the DepositCap cant be changed because its constant