Closed sherlock-admin2 closed 6 months ago
There are two different `recoverERC20()` functions on two different contracts. The ordering of the two functions is different. The `recoverERC20FromStaking()` function is not attempting to call the `recoverERC20()` on the `StakingRewardsManager`. This function is external as can be seen by the code snippet provided. It is calling a function by the same name of the `StakingRewards` contract that is out of scope.
Invalid, the call to `staking.recoverERC20()` is via the staking contract here, so the parameters order is correct
https://github.com/telcoin/telcoin-audit/commit/8886b2bb9616fd41fe191cd1eaec855a3db570eb Not a valid issue, made changes here for clarity.
The protocol team fixed this issue in PR/commit https://github.com/telcoin/telcoin-audit/commit/8886b2bb9616fd41fe191cd1eaec855a3db570eb.
The Lead Senior Watson signed-off on the fix.
Dots
medium
function recoverERC20FromStaking calls recoverERC20 with wrong parameters
Summary
Function `recoverERC20FromStaking` calls `recoverERC20` with wrong parameters
Vulnerability Detail
Function `recoverERC20` expects to receive `IERC20 tokenAddress`, `uint256 tokenAmount`, `address to` in this order. However the `recoverERC20FromStaking` function calls the `recoverERC20` function with wrongly arranged parameters
Impact
The code may not function as intended
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewardsManager.sol#L216-L237
Tool used
Manual Review
Recommendation
Instead of `staking.recoverERC20(to, tokenAddress, tokenAmount);`, use `staking.recoverERC20(tokenAddress, tokenAmount, to);`
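
An added illustration, not code from the audited repository or from any participant in this thread: a Solidity sketch of the situation the comments describe, where two functions named `recoverERC20` live on different contracts and take their parameters in different orders. The contract names `StakingRewardsLike` and `ManagerLike`, the access checks, and the staking-side order `(to, tokenAddress, tokenAmount)` are assumptions, the last inferred from the call quoted in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token interface for this sketch (constructed, not the audited code).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical stand-in for the out-of-scope StakingRewards contract.
// ASSUMPTION: parameter order (to, tokenAddress, tokenAmount), inferred from
// the call quoted in the report.
contract StakingRewardsLike {
    address public immutable owner;

    constructor(address owner_) { owner = owner_; }

    function recoverERC20(address to, IERC20 tokenAddress, uint256 tokenAmount) external {
        require(msg.sender == owner, "not owner");
        require(tokenAddress.transfer(to, tokenAmount), "transfer failed");
    }
}

// Hypothetical stand-in for StakingRewardsManager.
contract ManagerLike {
    address public immutable admin;

    constructor() { admin = msg.sender; }

    // Same name, different order: (tokenAddress, tokenAmount, to), as quoted in the report.
    function recoverERC20(IERC20 tokenAddress, uint256 tokenAmount, address to) external {
        require(msg.sender == admin, "not admin");
        require(tokenAddress.transfer(to, tokenAmount), "transfer failed");
    }

    function recoverERC20FromStaking(
        StakingRewardsLike staking, IERC20 tokenAddress, uint256 tokenAmount, address to
    ) external {
        require(msg.sender == admin, "not admin");
        // External call: resolved against StakingRewardsLike's signature, not against
        // ManagerLike.recoverERC20. Named arguments bind by name, so the call stays
        // correct and readable even though the two orders differ.
        staking.recoverERC20({to: to, tokenAddress: tokenAddress, tokenAmount: tokenAmount});
        // Under the assumed signature, the positional call in the manager's order,
        //   staking.recoverERC20(tokenAddress, tokenAmount, to);
        // does not compile: IERC20 -> address, uint256 -> IERC20 and address -> uint256
        // have no implicit conversions.
    }
}
```

For the external call to succeed at runtime, the `StakingRewardsLike` instance must be deployed with the manager's address as its `owner`.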