sherlock-audit / 2024-01-telcoin-judging


jah - the burn function can prevent the last cm from claiming his reward because of line 219 #218

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

jah

high

the burn function can prevent the last cm from claiming his reward because of line 219

Summary

the burn function can prevent the last cm from claiming his reward because of line 219

Vulnerability Detail

When calling the burn function in CouncilMember.sol, it will first update the latest council member's balance into the burned tokenid and remove it from the balances on line 220. But in order to claim the reward token using the claim function, the balance is accessed using the tokenid, which will cause an error because the burn function has already moved the council member's balance into the burned tokenid, so he will be accessing either someone else's balance or a balance that doesn't exist, which will cause an error.

Impact

Unable to claim his funds; might also claim another user's funds.

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L219

Tool used

Manual Review

Recommendation

don't move the latest council member balance into the burned tokenid

Duplicate of #199
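The mechanism this report describes, as a simplified Python model (an added example, not code from CouncilMember.sol or from the reporter). The class, its method names, the mint step and the balances are assumptions made for illustration; the lookup variant is shown for comparison and is not the report's recommendation.

```python
class CouncilModel:
    """Constructed model: balances kept in an array, one slot per live token."""

    def __init__(self, deposits):
        self.balances = list(deposits)               # slot -> claimable amount
        self.token_at = list(range(len(deposits)))   # slot -> token id
        self.next_id = len(deposits)

    def mint(self, amount=0):
        # Hypothetical mint: a new token takes the next free slot.
        self.balances.append(amount)
        self.token_at.append(self.next_id)
        self.next_id += 1
        return self.next_id - 1

    def burn(self, token_id):
        slot = self.token_at.index(token_id)
        # Swap-and-pop: the last member's balance moves into the burned slot.
        self.balances[slot] = self.balances[-1]
        self.token_at[slot] = self.token_at[-1]
        self.balances.pop()
        self.token_at.pop()

    def claimable_by_token_id(self, token_id):
        # Pattern described in the report: token id used directly as the index.
        if token_id >= len(self.balances):
            raise IndexError("no balance slot for token id %d" % token_id)
        return self.balances[token_id]

    def claimable_by_lookup(self, token_id):
        # Comparison variant: resolve the token's current slot before reading.
        return self.balances[self.token_at.index(token_id)]


def demo():
    c = CouncilModel([100, 200, 300])    # constructed balances for tokens 0, 1, 2
    c.burn(0)                            # token 2's 300 now sits in slot 0
    try:
        c.claimable_by_token_id(2)       # slot 2 no longer exists
        missing = False
    except IndexError:
        missing = True
    c.mint(0)                            # token 3 takes slot 2
    wrong = c.claimable_by_token_id(2)   # reads token 3's slot, not token 2's
    right = c.claimable_by_lookup(2)     # follows token 2 to slot 0
    return missing, wrong, right
```
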

sherlock-admin2 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid because {This is valid and seems to be reported by the person who reported the issue 216 and also a dup of 109}