sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Closed sherlock-admin closed 7 months ago
sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
nevillehuang
commented
6 months ago Invalid, user input error not valid based on sherlock rules
krkba
high
Lack of
newAddressValidation insetValidatorAddresskrkba
Summary
There is no validation if
newAddressinsetValidatorAddressis a contract address.Vulnerability Detail
If a contract address is provided and it doesn't have a necessary function to receive tokens, tokens could be locked in the contract forever.
Impact
Loss of funds.
Code Snippet
https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L689-L695
Tool used
Manual Review
Recommendation