Closed sherlock-admin closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid asif there is need of ownership transfer ; it should be after deployment and the admin will do that}
0x_Sanzcy
high
StakingRewards Contract can't be managed StakingRewardsManager due to lack of ownership
Summary
// in order to manage this contract we have to own it
According to the comments the
stakingRewards
contract needs to be owned by thestakingRewardsManager
in order to manage by it, this allows theRewardManger
to send/ increase therewardTokens
in a case where it's not enough in the staking contract or remove thestakingRewards
contract among other things.Vulnerability Detail
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit%2Fcontracts%2Ftelx%2Fcore%2FStakingRewardsFactory.sol#L43-L66
The newly created
stakingRewards
contract will be owned by the factory owner if the ownership isn't transferred to thestakingRewardsManager
When adding the
stakingRewardsContract
the ownership isn't transferred to thestakingRewardsManager
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit%2Fcontracts%2Ftelx%2Fcore%2FStakingRewardsManager.sol#L144-L160
Impact
This will make managing the
stakingRewards
contract unmanageable by thestakingRewardsManager
Code Snippet
Tool used
Manual Review
Recommendation
Ensure the ownership is transferred.
Duplicate of #100