Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { that's an admin role which is considered trusted }
Invalid, CouncilMember is not expected to hold any funds. The erc20Rescue is simply to retrieve any accidental donations of any erc20 tokens.
zzykxx
medium
SUPPORT_ROLE can transfer out TELCOIN tokens that are not yet distributed

Summary
The SUPPORT_ROLE can withdraw TELCOIN tokens that should be distributed to council members from the CouncilMember.sol contract.

Vulnerability Detail
The SUPPORT_ROLE can call functions to recover ERC20 tokens stuck in the CouncilMember.sol contract. The CouncilMember.sol contract temporarily holds TELCOIN tokens that should be distributed to the council members. In the erc20Rescue() function there is no check to ensure that after the rescue there's enough TELCOIN left in the contract for the council members to claim; in fact it's possible to withdraw all of them.

Impact
The CouncilMember.sol contract might enter a state where it's insolvent towards council members, who might not be able to withdraw their TELCOIN tokens.

Code Snippet

Tool used
Manual Review

Recommendation
When rescuing TELCOIN tokens in the erc20Rescue() function, subtract the amount of tokens currently owed to council members:
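An added example, not the reporter's or the project's code, showing the unchecked rescue pattern the report describes next to a version that applies the recommended check in a reduced model of the contract. The totalOwed accounting variable and the hasSupportRole mapping are assumptions standing in for however CouncilMember.sol tracks unclaimed member balances and SUPPORT_ROLE.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface needed for this example.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical reduced model of CouncilMember: it holds TELCOIN that council
// members claim later. totalOwed is an assumed variable tracking TELCOIN that
// has been allocated to members but not yet claimed.
contract CouncilMemberRescueExample {
    IERC20 public immutable TELCOIN;
    mapping(address => bool) public hasSupportRole; // stands in for SUPPORT_ROLE
    uint256 public totalOwed;                       // assumed unclaimed-balance sum

    error NotSupport();
    error ExceedsRescuable(uint256 requested, uint256 rescuable);

    constructor(IERC20 telcoin, address support) {
        TELCOIN = telcoin;
        hasSupportRole[support] = true;
    }

    modifier onlySupport() {
        if (!hasSupportRole[msg.sender]) revert NotSupport();
        _;
    }

    // TELCOIN in the contract that is not allocated to any council member.
    function rescuableTelcoin() public view returns (uint256) {
        uint256 bal = TELCOIN.balanceOf(address(this));
        return bal > totalOwed ? bal - totalOwed : 0;
    }

    // Unchecked pattern from the report: nothing stops draining owed TELCOIN.
    function erc20RescueUnchecked(IERC20 token, address to, uint256 amount) external onlySupport {
        require(token.transfer(to, amount), "transfer failed");
    }

    // Hardened rescue: for TELCOIN, cap the amount at the unallocated surplus
    // so members' claimable balances remain fully backed after the rescue.
    function erc20Rescue(IERC20 token, address to, uint256 amount) external onlySupport {
        if (address(token) == address(TELCOIN)) {
            uint256 rescuable = rescuableTelcoin();
            if (amount > rescuable) revert ExceedsRescuable(amount, rescuable);
        }
        require(token.transfer(to, amount), "transfer failed");
    }
}
```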