Closed sherlock-admin closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, user input error not valid based on Sherlock rules
krkba
high
Lack of newAddress Validation in setValidatorAddress
Summary
There is no validation if newAddress in setValidatorAddress is a contract address.
Vulnerability Detail
If a contract address is provided and it doesn't have a necessary function to receive tokens, tokens could be locked in the contract forever.
Impact
Loss of funds.
Code Snippet
https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L689-L695
Tool used
Manual Review
Recommendation