HOPR is an open incentivized mixnet which enables privacy-preserving point-to-point data exchange. HOPR is similar to Tor but actually private, decentralized and economically sustainable.
Github username: @9olidity
Submission hash (on-chain): 0x952e8f7eda8b4491a1d2d95c89e1659a595541d8f82c9462e3cc2fa3ccf483d4
Severity: high
Description:
The purpose of HoprStake::reclaimErc20Tokens() is to reclaim any ERC20 token accidentally sent to the contract.
However, the function only checks whether tokenAddress is LOCK_TOKEN; it does not check whether tokenAddress is REWARD_TOKEN. If the administrator withdraws the REWARD_TOKEN held by the contract, _claim() can no longer execute normally, because the contract no longer holds enough REWARD_TOKEN to pay out the rewards stakers have accrued.
This is a realistic case: the function already special-cases tokenAddress == LOCK_TOKEN to protect staked funds, so the same protection is needed for REWARD_TOKEN, which the contract owes to stakers as accrued rewards.
Attack Scenario:
The administrator calls reclaimErc20Tokens() with tokenAddress set to the REWARD_TOKEN address. The REWARD_TOKEN held by the contract, including rewards already accrued to stakers, is transferred out, and subsequent _claim() calls fail for lack of REWARD_TOKEN.
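The following is an added illustration of the missing check and of a hardened variant; it is example code written for this page, not HoprStake's own contract. The contract, function and storage names (StakeReclaimExample, totalUnclaimedRewards, creditReward, reclaimErc20TokensVulnerable) and the simplified reward accounting are assumptions made for the example. The vulnerable function keeps the behaviour the report describes (only LOCK_TOKEN is reserved); the hardened one also reserves accrued rewards and handles the case where LOCK_TOKEN and REWARD_TOKEN are the same ERC20.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface used below (only what the example needs).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Illustrative staking contract (assumed for this example, not HoprStake's code).
contract StakeReclaimExample {
    address public immutable owner;
    IERC20 public immutable LOCK_TOKEN;
    IERC20 public immutable REWARD_TOKEN;

    uint256 public totalLocked;            // LOCK_TOKEN held on behalf of stakers
    uint256 public totalUnclaimedRewards;  // REWARD_TOKEN already owed to stakers
    mapping(address => uint256) public unclaimedRewards;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(IERC20 lockToken, IERC20 rewardToken) {
        owner = msg.sender;
        LOCK_TOKEN = lockToken;
        REWARD_TOKEN = rewardToken;
    }

    // Stand-in for the real reward accrual schedule (assumed for the example).
    // The invariant that matters: rewards owed to stakers are counted in
    // totalUnclaimedRewards before anyone may reclaim REWARD_TOKEN.
    function creditReward(address account, uint256 amount) external onlyOwner {
        unclaimedRewards[account] += amount;
        totalUnclaimedRewards += amount;
    }

    function claim() external {
        _claim(msg.sender);
    }

    function _claim(address account) internal {
        uint256 amount = unclaimedRewards[account];
        unclaimedRewards[account] = 0;
        totalUnclaimedRewards -= amount;
        // After the owner has reclaimed REWARD_TOKEN, the contract holds less than
        // totalUnclaimedRewards and this transfer fails: the failure mode the
        // report describes.
        require(REWARD_TOKEN.transfer(account, amount), "claim: reward transfer failed");
    }

    // Vulnerable pattern from the report: only LOCK_TOKEN is reserved, so calling
    // this with address(REWARD_TOKEN) sends the whole reward balance to the owner.
    function reclaimErc20TokensVulnerable(address tokenAddress) external onlyOwner {
        uint256 amount = IERC20(tokenAddress).balanceOf(address(this));
        if (tokenAddress == address(LOCK_TOKEN)) {
            amount -= totalLocked;
        }
        require(IERC20(tokenAddress).transfer(owner, amount), "reclaim: transfer failed");
    }

    // Hardened version: reserve every balance the contract owes to stakers. The
    // reserve is accumulated with two independent checks rather than if/else, so
    // a deployment where LOCK_TOKEN and REWARD_TOKEN are the same ERC20 reserves both.
    function reclaimErc20Tokens(address tokenAddress) external onlyOwner {
        uint256 reserved = 0;
        if (tokenAddress == address(LOCK_TOKEN)) {
            reserved += totalLocked;
        }
        if (tokenAddress == address(REWARD_TOKEN)) {
            reserved += totalUnclaimedRewards;
        }
        uint256 balance = IERC20(tokenAddress).balanceOf(address(this));
        require(balance > reserved, "reclaim: nothing beyond what stakers are owed");
        uint256 amount = balance - reserved;
        require(IERC20(tokenAddress).transfer(owner, amount), "reclaim: transfer failed");
    }
}
```

The hardened function only lets the owner take the surplus above what the contract owes, so an accidental transfer of REWARD_TOKEN to the contract can still be recovered while accrued rewards stay claimable. Whether the real contract tracks owed rewards in a single counter, as assumed here, or derives them from per-account state is a design question the fix has to answer before it can be applied.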
Attachments
Proof of Concept (PoC) File