Closed sherlock-admin closed 1 year ago
ak1
high
removePlugin
removePlugin function is used to removed any of the plugin. It does not check whether the plugin has valid claims.
Plugins are removed from array.. Refer below line of codes. https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/StakingModule.sol#L420-L429
There are no check whether the plugin address that is going to be removed has any valid claim.
If the plugin has any valid claims, that can not be claimed if the plugin address is removed and replaced by new one.
https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/StakingModule.sol#L420-L429
Manual Review
Check whether the plugin that is going to be removed has any valid claim. If it has, recover it and then remove the plugin.
Duplicate of #73
ak1
high
StakingModule.sol#L420 :
removePlugin
should check whether the plugin has any valid claimSummary
removePlugin function is used to removed any of the plugin. It does not check whether the plugin has valid claims.
Vulnerability Detail
Plugins are removed from array.. Refer below line of codes. https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/StakingModule.sol#L420-L429
There are no check whether the plugin address that is going to be removed has any valid claim.
Impact
If the plugin has any valid claims, that can not be claimed if the plugin address is removed and replaced by new one.
Code Snippet
https://github.com/sherlock-audit/2022-11-telcoin/blob/main/contracts/StakingModule.sol#L420-L429
Tool used
Manual Review
Recommendation
Check whether the plugin that is going to be removed has any valid claim. If it has, recover it and then remove the plugin.
Duplicate of #73