Closed: sherlock-admin2 closed this 5 months ago
There is no explanation of how a double entry attack would take place. There is no ability for arbitrary code execution and none of the contracts involved are capable.
1 comment was left on this issue during the judging contest.
takarez commented:
invalid because { The role is some sort of admin role, which is trusted according to Sherlock's rules }
asui
medium
SUPPORT_ROLE can steal tokens it is not trusted with in the case of staking contracts with double-entry-point tokens.
Summary
SUPPORT_ROLE can steal tokens it is not trusted with.
Vulnerability Detail
In the StakingRewardsManager contract the SUPPORT_ROLE is trusted to be able to call recoverERC20FromStaking for any tokens accidentally sent to the staking contract. However, if there is a staking contract with a double-entry-point token, the SUPPORT_ROLE can steal all the staking tokens.
Impact
Stakers will lose all tokens they staked.
Code Snippet
Tool used
Manual Review
Recommendation
Restrict recovery of assets for staking contracts with double-entry-point tokens.
Duplicate of #205
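The mechanism the report refers to, in generic form, as an added illustration that is not the audited project's code and makes no claim about how StakingRewardsManager or recoverERC20FromStaking are actually implemented: a double-entry-point token is one whose balances can be moved through two different contract addresses (a historical example is a token that kept a legacy address forwarding to its new implementation). A recovery function that only checks `token != stakingToken` by address lets the recovery role pass the second address and move the staked balance anyway. All contract and function names below (BaseToken, LegacyToken, Staking, recoverERC20, recoverERC20Safe) are hypothetical. Whether this matters for a given project depends on whether such a token is ever configured as a staking token and on whether the recovery role is already treated as fully trusted, which is the judge's position above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of a double-entry-point token bypassing an address-only
// recovery check. Hypothetical contracts, not the audited project's code.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Primary entry point: holds the single balance ledger.
contract BaseToken is IERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    address public legacyEntry; // second address allowed to move balances without allowance

    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }

    function setLegacyEntry(address entry) external { legacyEntry = entry; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _move(msg.sender, to, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (msg.sender != legacyEntry) {
            // Normal ERC20 path: spender must hold an allowance from `from`.
            require(allowance[from][msg.sender] >= amount, "allowance");
            allowance[from][msg.sender] -= amount;
        }
        _move(from, to, amount);
        return true;
    }

    function _move(address from, address to, uint256 amount) internal {
        require(balanceOf[from] >= amount, "insufficient");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

// Second entry point: a different address whose transfer() moves the same ledger.
contract LegacyToken is IERC20 {
    BaseToken public immutable base;
    constructor(BaseToken b) { base = b; }

    function balanceOf(address a) external view returns (uint256) { return base.balanceOf(a); }

    // msg.sender here is the caller of LegacyToken; BaseToken trusts LegacyToken as legacyEntry.
    function transfer(address to, uint256 amount) external returns (bool) {
        return base.transferFrom(msg.sender, to, amount);
    }

    function transferFrom(address, address, uint256) external pure returns (bool) {
        revert("unsupported");
    }
}

contract Staking {
    IERC20 public immutable stakingToken;
    address public immutable support; // stands in for SUPPORT_ROLE
    mapping(address => uint256) public staked;

    constructor(IERC20 token, address supportRole) { stakingToken = token; support = supportRole; }

    function stake(uint256 amount) external {
        require(stakingToken.transferFrom(msg.sender, address(this), amount), "transfer");
        staked[msg.sender] += amount;
    }

    // Vulnerable pattern: the address comparison cannot tell that `token` is a
    // second entry point to the staking token's ledger, so passing LegacyToken
    // moves the staked BaseToken balance to the caller.
    function recoverERC20(IERC20 token, uint256 amount) external {
        require(msg.sender == support, "not SUPPORT_ROLE");
        require(address(token) != address(stakingToken), "cannot recover staking token");
        require(token.transfer(msg.sender, amount), "transfer");
    }

    // Hardened pattern: a genuinely foreign token cannot change this contract's
    // staking-token balance, so any change means a double entry point was used.
    function recoverERC20Safe(IERC20 token, uint256 amount) external {
        require(msg.sender == support, "not SUPPORT_ROLE");
        require(address(token) != address(stakingToken), "cannot recover staking token");
        uint256 before = stakingToken.balanceOf(address(this));
        require(token.transfer(msg.sender, amount), "transfer");
        require(stakingToken.balanceOf(address(this)) == before, "double entry point");
    }
}
```

Sequence to reproduce in a local test: deploy BaseToken, deploy LegacyToken pointing at it and register it with setLegacyEntry, deploy Staking with BaseToken as the staking token, approve and stake from a user account, then have the support account call recoverERC20 with the LegacyToken address. The staked BaseToken balance moves to the support account even though the address check passed. The same call against recoverERC20Safe reverts because the staking-token balance changed during the recovery, which is one concrete way to apply the report's recommendation without trying to enumerate double-entry-point tokens in advance.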