sherlock-audit / 2023-11-covalent-judging


Dobry - Anyone can call `redeemRewards` and redeem rewards #125

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 7 months ago

Dobry

medium

Anyone can call redeemRewards and redeem rewards

Summary

The function redeemRewards has no modifier and can be called by anyone.

Vulnerability Detail

The function redeemRewards has no modifier and can be called by anyone, which means that funds can get stolen.

Impact

The function redeemRewards has no modifier and can be called by anyone.

Code Snippet

    function redeemRewards(uint128 validatorId, address beneficiary, uint128 amount) external whenNotPaused {

Tool used

Manual Review

Recommendation

Check if the user that is calling the function is the user that stands behind the passed validatorId.

sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 6 months ago

Invalid, similar reasonings to #90