TokenSale.sol#claim Incorrect check allows blacklisted users to claim
Summary
Incorrect require check allows blacklisted users to claim
Vulnerability Detail
Inside Admin.sol contract, two functions are used to whitelist/blacklist users. There is a mapping(address => bool) public override blockClaim; that stores true/false values for user addresses depending if they are blacklisted or not.
claim() function inside TokenSale.sol has a require using the blockClaim mapping to ensure the user is not blacklisted. The problem is that it uses the contract address, not the msg.sender address. This means that this check will pass no matter if the caller of the claim() function is blacklisted or not.
require(uint8(epoch) > 1 && !admin.blockClaim(address(this)), "TokenSale: Not time or not allowed")
- require(uint8(epoch) > 1 && !admin.blockClaim(address(this)), "TokenSale: Not time or not allowed");
+ require(uint8(epoch) > 1 && !admin.blockClaim(msg.sender), "TokenSale: Not time or not allowed");
Silvermist
medium
TokenSale.sol#claim Incorrect check allows blacklisted users to claim
Summary
Incorrect require check allows blacklisted users to claim
Vulnerability Detail
Inside Admin.sol contract, two functions are used to whitelist/blacklist users. There is a
mapping(address => bool) public override blockClaim;that stores true/false values for user addresses depending if they are blacklisted or not.claim()function inside TokenSale.sol has a require using theblockClaimmapping to ensure the user is not blacklisted. The problem is that it uses the contract address, not themsg.senderaddress. This means that this check will pass no matter if the caller of theclaim()function is blacklisted or not.Impact
Blacklisted users can claim.
Code Snippet
https://github.com/sherlock-audit/2024-03-zap-protocol/blob/c2ad35aa844899fa24f6ed0cbfcf6c7e611b061a/zap-contracts-labs/contracts/TokenSale.sol#L366-L369
Tool used
Manual Review
Recommendation
Duplicate of #82