Closed sherlock-admin2 closed 9 months ago
2 comment(s) were left on this issue during the judging contest.
takarez commented:
valid because {This is valid and a dupp of 016 also with minimal impact}
takarez commented:
invalid because { This is invalid because the failed function is an indication that there is something wrong with inputed index thus allowing the caller to put the right va;ue; and this is not DOS btw}
fibonacci
medium
StakingRewardsManager
: incorrectStakingRewards
contracts top upSummary
The
topUp
function uses incorrect indices to retrieve aStakingRewards
contract for top up.Vulnerability Detail
This function receives an array of staking indices that need to be top upped. It then iterates over these indices. However, instead of using the value from this array, it uses the value of the current iteration of the loop.
Therefore, if, for instance, an array with indices
[3, 7]
is provided, stakings with indices[0, 1]
will be mistakenly top upped.Impact
Unexpected
StakingRewards
contracts may be top upped.Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewardsManager.sol#L260
Tool used
Manual Review
Recommendation
Duplicate of #16