Closed sherlock-admin2 closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid because the recoverERC20() function thats being called is from stakinRewards.sol not TelcoinDistributor.sol; so the implementation is correct. just like issue 173 }
valentin2304
medium
Typo in StakingRewardsMangaer.sol/recoverERC20FromStaking
Summary
The typo is that the parameters of the function called from
recoverERC20FromStaking
which isrecoverERC20
are not passed in a correct line which may lead to misfunctionality.Vulnerability Detail
recoverERC20FromStaking
callsrecoverERC20()
with parameters sentenced like (to, tokenAddress, tokenAmount) butrecoverERC20
accepts them sentenced like (tokenAddress, tokenAmount, to)Impact
Missfunctionality
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewardsManager.sol#L216-L237
Tool used
Manual Review
Recommendation
resentence the parameters given to
recoverERC20
inrecoverERC20FromStaking
Duplicate of #173