[METER-LSD-07] Lack of Blacklist Verification for Deposits and Withdrawals in stMTRG
Impact
The blacklist is not working correctly.
Description
The code below shows that the stMTRG Contract establishes a blacklist and performs sender and receiver verification to prevent unauthorized users from transferring assets.
    function _transfer(
        address _from,
        address _to,
        uint256 _value
    ) internal override {
        require(_from != address(0), "ERC20: transfer from the zero address");
        require(_to != address(0), "ERC20: transfer to the zero address");
        _beforeTokenTransfer(_from, _to, _value);
        require(
            !_blackList[_from] && !_blackList[_to],
            "ERC20Pausable: account is in black list"
        );
        uint256 shares = _valueToShare(_value);
        uint256 fromShares = _shares[_from];
        require(fromShares >= shares, "ERC20: transfer amount exceeds balance");
        unchecked {
            _shares[_from] = fromShares - shares;
            _shares[_to] += shares;
        }
        emit Transfer(_from, _to, _value);
        _afterTokenTransfer(_from, _to, _value);
    }
However, the withdraw function does not check whether the withdrawer is on the blacklist.
Consequently, a blacklisted holder could use the withdraw function to exchange stMTRG tokens for MTRG tokens and then make a deposit from a different address, which renders the blacklist ineffective.
Recommendations
Add blacklist functionality to the withdraw functions as well.
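One way to apply this recommendation, shown as an added example that is not the stMTRG source: the blacklist condition from _transfer is moved into a modifier and enforced on the deposit and withdraw entry points as well. The contract name, the deposit/withdraw/setBlackList signatures, the owner check and the 1:1 accounting with native value standing in for MTRG are all assumptions; only the _blackList mapping and the revert string come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited contract. Names and signatures are
// hypothetical; native value stands in for MTRG and shares are tracked 1:1.
contract BlacklistGatedVault {
    mapping(address => bool) private _blackList;
    mapping(address => uint256) private _shares;
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    // Same condition that _transfer enforces, reusable on every entry point.
    modifier notBlacklisted(address account) {
        require(!_blackList[account], "ERC20Pausable: account is in black list");
        _;
    }

    function setBlackList(address account, bool listed) external {
        require(msg.sender == owner, "not owner");
        _blackList[account] = listed;
    }

    // Deposit path: a listed address cannot acquire new shares.
    function deposit() external payable notBlacklisted(msg.sender) {
        _shares[msg.sender] += msg.value;
    }

    // Withdraw path: both the caller and the recipient are checked, so a
    // listed holder cannot exit and nobody can pay out to a listed address.
    function withdraw(uint256 amount, address payable recipient)
        external
        notBlacklisted(msg.sender)
        notBlacklisted(recipient)
    {
        uint256 bal = _shares[msg.sender];
        require(bal >= amount, "amount exceeds balance");
        _shares[msg.sender] = bal - amount; // update state before the external call
        (bool ok, ) = recipient.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

With the check on withdraw, a blacklisted holder's balance stays locked in the contract instead of leaving through the redemption path, which is the behaviour the transfer check already implies.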