search

sherlock-audit / 2024-01-telcoin-judging

6 stars 5 forks source link

jah - wrong logic on burn function #216

Closed sherlock-admin closed 5 months ago

sherlock-admin commented 5 months ago

jah

high

wrong logic on burn function

Summary

the burn function can prevent the last cm to not clime his reward because of line 219

Vulnerability Detail

when calling burn function in CouncilMember.sol it will first update the latest council member balance into the burned tokenid and removes it from the balance on line 220 but the thing is that in order to clime the reward token using clime function the balance is accessed using the tokenid which will cause an error because the burn funciton have already moved the council member balances into the burned tokenid so he is accessing either someone else's balance or balance that dont exited which will cause an error

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L219

Tool used

Manual Review

Recommendation

don't move the latest council member balance into the burned tokenid

Duplicate of #199

sherlock-admin2 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid because { This is valid and a dupp of 109 but with no impact reported at all !!!}