Closed sherlock-admin closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid because the recoverERC20() function thats being called is from stakinRewards.sol not TelcoinDistributor.sol; so the implementation is correct.so its invalid}
0xboriskataa
medium
Incorrect input of parameters for the
StakingRewardsManager.sol: recoverERC20
function callSummary
The
recoverERC20
function inStakingRewardsManager.sol
takes 3 parameters as input in this exact order:IERC20 tokenAddress
,uint256 tokenAmount
address to
. HoweverrecoverERC20FromStaking
callsrecoverERC20
with misplaced parameters:staking.recoverERC20(to, tokenAddress, tokenAmount);
Vulnerability Detail
Impact
Code Snippet
Tool used
Manual Review
Recommendation
Duplicate of #173