Closed sherlock-admin closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid because { even though its quietly different than the issue 016 but the underlying cause is the same; i will consider it valid and a dupp of it; and also the recommendation here is not so robust; so i protest againts using it.}
VAD37
medium
StakingRewardsManager.sol
functiontopUp()
does not use array index orindices
to setup configSummary
The
topUp()
function inStakingRewardsManager.sol
have inputuint256[] memory indices
but this was not used correctly. Instead it just useindices.length
to loop through all staking contracts array from0
tolength
.The expected behaviour is changing config for specific staking contract by using
indices
as index. But what happen is it change all staking contracts in the array from index 0 to input length.Vulnerability Detail
Looking at topUp() function in
StakingRewardsManager.sol
Input variable
indices
is only used as array length. It suppose to be used like thisIf admin intention is topUp all staking contracts at once then there is no need to input entire array and only need to input
uint length
of array is enough.Impact
topUp()
will run out of gas if stakingContracts array length is too large.Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewardsManager.sol#L251-L278
Tool used
Manual Review
Recommendation
Use indices array as index
Duplicate of #16