Closed sherlock-admin closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid because there is some sort of a modifier for the fucntion; theey will ensure abd adequate implementation}
Invalid, this is an admion gated function, so this would constitute user input error not valid based on sherlock rules, see point 5.
araj
high
staking contract with different rewardToken can be added in stakingContractManager
Summary
Staking contract with different
rewardToken
can be added instakingContractManager
as there is no check on thatVulnerability Detail
Already created staking contract is added in array using
addStakingRewardsContract
function in manager contract, docs sayDo not add staking contracts with rewardToken other than the one passed to initialize this contract.
but for this there is no checkImpact
This will lead to add staking contract with different rewardToken in
stakingContracts
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewardsManager.sol#L128C1-L139C6
Tool used
Manual Review
Recommendation
Use this require in
addStakingRewardsContract