sherlock-audit / 2024-02-telcoin-platform-audit-update-judging


DiGarOn - Casual Blacklisting Medium #31

Closed sherlock-admin4 closed 8 months ago

sherlock-admin4 commented 8 months ago

DiGarOn

medium

Casual Blacklisting Medium

Summary

Accidental blocking or reversal of blocking after appeal will not result in a refund to the user.

Vulnerability Detail

When a person is blacklisted, all tokens are deducted from him/her, but when the user is unblocked, he/she does not get the money back. That is, if the user was blocked by mistake, no refund will be made.

Impact

Medium. Such behaviour reduces the credibility of the project, because of which the company may suffer both reputational and financial losses.

Code Snippet

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/21920190e0772afa18e7f856a036fea3ef5b9635/telcoin-contracts/contracts/stablecoin/Stablecoin.sol#L123

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/21920190e0772afa18e7f856a036fea3ef5b9635/telcoin-contracts/contracts/util/abstract/Blacklist.sol#L86

Tool used

None

Manual Review

Recommendation

There are 2 ways to solve the problem:

1) Record the user's original balance for some time and do not debit it, thus giving time to appeal the decision. After the time expires, you can withdraw money from the blocked person's account and delete the record of his/her balance.

2) Do not take tokens from blacklisted accounts.
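The appeal-window variant (option 1) sketched in Solidity, as an added illustration that is not part of the original submission or the Telcoin repository; the contract, function names and the 7-day window are hypothetical, and the `_update` hook assumes OpenZeppelin v5's ERC20:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// Illustrative escrow-on-blacklist token with an appeal window (option 1 above).
/// Hypothetical code, not Telcoin's Stablecoin/Blacklist; assumes OpenZeppelin v5's _update hook.
contract EscrowBlacklistToken is ERC20 {
    uint256 public constant APPEAL_WINDOW = 7 days; // assumed appeal period
    struct Hold { uint256 amount; uint256 since; }
    mapping(address => Hold) public holds;
    address public immutable admin;
    constructor() ERC20("Example", "EX") { admin = msg.sender; }
    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    function isBlacklisted(address a) public view returns (bool) {
        return holds[a].since != 0;
    }

    // Freeze: escrow the balance in the contract instead of deducting it outright.
    function blacklist(address a) external onlyAdmin {
        require(!isBlacklisted(a), "already blacklisted");
        uint256 bal = balanceOf(a);
        if (bal > 0) _transfer(a, address(this), bal); // done before the hold is recorded so _update allows it
        holds[a] = Hold(bal, block.timestamp);
    }

    // Appeal upheld: lift the hold and return the escrowed amount to the user.
    function unblacklist(address a) external onlyAdmin {
        Hold memory h = holds[a];
        require(h.since != 0, "not blacklisted");
        delete holds[a];
        if (h.amount > 0) _transfer(address(this), a, h.amount);
    }

    // Appeal window elapsed: confiscate by burning the escrowed amount and drop the record.
    function finalizeSeizure(address a) external onlyAdmin {
        Hold memory h = holds[a];
        require(h.since != 0, "not blacklisted");
        require(block.timestamp >= h.since + APPEAL_WINDOW, "appeal window still open");
        delete holds[a];
        if (h.amount > 0) _burn(address(this), h.amount);
    }

    // Blacklisted addresses can neither send nor receive while the hold exists.
    function _update(address from, address to, uint256 value) internal override {
        require(!isBlacklisted(from) && !isBlacklisted(to), "blacklisted");
        super._update(from, to, value);
    }
}
```

A mistaken listing reversed inside the window therefore restores the user's full balance, while an unappealed one is still confiscated once the window closes.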

sherlock-admin4 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

looks like design decision + user's mistake they got blacklisted in the first place