sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid because { This is valdi and a dupp of 008}
Closed sherlock-admin2 closed 7 months ago
sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid because { This is valdi and a dupp of 008}
bigbick123456789000
medium
Unchecked Transfer in
topUpFunctionSummary
The
topUpfunction in theStakingRewardsManagercontract lacks proper validation of the result of thetransferFromoperation, potentially leading to vulnerabilities.Vulnerability Detail
In the
topUpfunction, the contract attempts to transfer ERC-20 tokens using thetransferFromfunction without checking the return value. The relevant code snippet is as follows:This operation could be exploited by a malicious
msg.senderto initiate a trade without sending any underlying tokens. If thetransferFromfunction fails but does not revert, the contract will proceed without detecting the failure.Impact
The lack of proper validation for the success of the
transferFromoperation can lead to potential financial losses, as the contract may proceed with topping up the staking contract even if the token transfer fails.Code Snippet
Link
Tool used
Manual Review
Recommendation
It is essential to check the return value of the
transferFromfunction and revert the transaction if the transfer is unsuccessful. Also you can consider using OpenZeppelin's library with safe versions of transfer functions.Duplicate of #8