sherlock-audit / 2024-01-telcoin-judging


asui - SUPPORT_ROLE can steal tokens which they are not trusted for in case of staking contracts with double entry point tokens. #230

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

asui

medium

SUPPORT_ROLE can steal tokens which they are not trusted for in case of staking contracts with double entry point tokens.

Summary

SUPPORT_ROLE can steal tokens which they are not trusted for.

Vulnerability Detail

In the StakingRewardsManager contract the SUPPORT_ROLE is trusted to be able to call recoverERC20FromStaking for any tokens accidentally sent to the staking contract. However, if there is a staking contract with double entry point tokens, the SUPPORT_ROLE can steal all the staking tokens.

Impact

Stakers will lose all tokens they staked.

Code Snippet

function recoverERC20FromStaking(
    StakingRewards staking,
    IERC20 tokenAddress,
    uint256 tokenAmount,
    address to
) external onlyRole(SUPPORT_ROLE) {
    // grab the tokens from the staking contract
    staking.recoverERC20(to, tokenAddress, tokenAmount);
}

Tool used

Manual Review

Recommendation

Restrict recovery of assets for staking contracts with double entry point tokens.

Duplicate of #205
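The recommendation above asks for recovery to be restricted where the staking token has a second entry point. The following is an added illustration of one way to do that, not code from the report or from Telcoin's StakingRewards; the contract name GuardedStaking, the `support` address (standing in for the SUPPORT_ROLE holder) and the `totalStaked` accounting are assumptions made for the example. The point it shows is that comparing `token` against `stakingToken` is not enough on its own, because a double entry point token exposes one balance through two addresses; a post-transfer invariant on the staking token balance closes that gap regardless of which address was passed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface; real contracts would import OpenZeppelin's IERC20.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical staking contract (not Telcoin's) whose recovery path does
/// not rely on the token address alone.
contract GuardedStaking {
    IERC20 public immutable stakingToken;
    address public immutable support; // assumed stand-in for the SUPPORT_ROLE holder

    // Deposits are tracked in storage, independent of balanceOf(), so the
    // contract always knows how many staking tokens it is obliged to hold.
    uint256 public totalStaked;
    mapping(address => uint256) public stakedBalance;

    error NotSupport();
    error CannotRecoverStakingToken();
    error StakingBalanceBreached(uint256 balanceAfter, uint256 required);

    constructor(IERC20 _stakingToken, address _support) {
        stakingToken = _stakingToken;
        support = _support;
    }

    function stake(uint256 amount) external {
        stakedBalance[msg.sender] += amount;
        totalStaked += amount;
        require(stakingToken.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function withdraw(uint256 amount) external {
        stakedBalance[msg.sender] -= amount; // reverts on underflow in 0.8+
        totalStaked -= amount;
        require(stakingToken.transfer(msg.sender, amount), "transfer failed");
    }

    /// Recover tokens sent here by mistake. Only `support` may call it, and it
    /// can never reduce the staking token balance below what stakers are owed,
    /// whichever address is passed as `token`.
    function recoverERC20(address to, IERC20 token, uint256 amount) external {
        if (msg.sender != support) revert NotSupport();

        // First line of defence: the address check. On its own it is bypassed
        // by a token reachable through a second address.
        if (address(token) == address(stakingToken)) revert CannotRecoverStakingToken();

        require(token.transfer(to, amount), "transfer failed");

        // Second line of defence: after the transfer the contract must still
        // hold at least totalStaked of the staking token. If `token` was an
        // alternate entry point to the staking token, this reverts and the
        // transfer is undone with the rest of the transaction.
        uint256 balanceAfter = stakingToken.balanceOf(address(this));
        if (balanceAfter < totalStaked) revert StakingBalanceBreached(balanceAfter, totalStaked);
    }
}
```

The invariant is checked against `totalStaked` rather than against a balance snapshot taken before the transfer so that genuine excess of the staking token (e.g. dust sent by mistake) can still be recovered. If the same contract also holds rewards denominated in the staking token, the required amount in the check has to include the outstanding rewards as well, otherwise the guard would allow those to be drained.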

amshirif commented 5 months ago

There is no explanation of how a double entry attack would take place. There is no ability for arbitrary code execution and none of the contracts involved are capable.

sherlock-admin2 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because { The role is some sort of admin role which is trusted according to Sherlock's rules }