sherlock-audit / 2024-06-union-finance-update-2-judging


aua_oo7 - Failure to Update state variable `ClaimedToken` Amounts #63

Closed sherlock-admin4 closed 2 months ago

sherlock-admin4 commented 2 months ago

aua_oo7

Medium

Failure to Update state variable ClaimedToken Amounts

Vulnerability Detail

The claimTokens function in the VouchFaucet contract contains a vulnerability where the require statement check is not correct: a user can claim more than the maxClaimable amount, and the claimedTokens mapping is not updated after tokens are claimed. This allows users to repeatedly claim tokens up to the maximum claimable limit (maxClaimable) without any checks or balances to prevent multiple claims.

Impact

https://github.com/sherlock-audit/2024-06-union-finance-update-2/blob/main/union-v2-contracts/contracts/peripheral/VouchFaucet.sol#L93C5-L97C6

Code Snippet

function claimTokens(address token, uint256 amount) external {
    // Compares only the already-claimed total against the cap; `amount` itself is never checked.
    require(claimedTokens[token][msg.sender] <= maxClaimable[token], "amount>max");
    IERC20(token).transfer(msg.sender, amount);
    // claimedTokens[token][msg.sender] is never increased, so the check above never tightens.
    emit TokensClaimed(msg.sender, token, amount);
}

Tool used

Manual Review, VS Code

Recommendation

To mitigate this vulnerability, the claimedTokens mapping should be updated each time tokens are successfully claimed. This ensures that the total amount of tokens claimed by a user does not exceed the maximum claimable limit. The corrected function should look as follows:

function claimTokens(address token, uint256 amount) external {
++   require(claimedTokens[token][msg.sender] + amount <= maxClaimable[token], "amount>max");
    IERC20(token).transfer(msg.sender, amount);
++   claimedTokens[token][msg.sender] += amount;
    emit TokensClaimed(msg.sender, token, amount);
}
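As an added example (not code from the Union contracts or from the submitter), a Foundry test against a minimal faucet that applies the recommended fix: the cap is enforced cumulatively and a single oversized claim is rejected. MockToken, FixedFaucet, setMaxClaimable and the test names are assumptions; the claimedTokens update is placed before the transfer (checks-effects-interactions) rather than after it as in the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "forge-std/Test.sol";
// Constructed stand-in for IERC20: balances only, enough for the faucet to call transfer().
contract MockToken {
    mapping(address => uint256) public balanceOf;
    constructor(address to, uint256 amount) { balanceOf[to] = amount; }
    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
// Hypothetical faucet with the corrected check and the state update from the recommendation.
contract FixedFaucet {
    mapping(address => uint256) public maxClaimable;
    mapping(address => mapping(address => uint256)) public claimedTokens;
    function setMaxClaimable(address token, uint256 amount) external { maxClaimable[token] = amount; }
    function claimTokens(address token, uint256 amount) external {
        // Cumulative check: previously claimed + this claim must stay within the cap.
        require(claimedTokens[token][msg.sender] + amount <= maxClaimable[token], "amount>max");
        claimedTokens[token][msg.sender] += amount; // record before the external call
        MockToken(token).transfer(msg.sender, amount);
    }
}
contract FixedFaucetTest is Test {
    FixedFaucet faucet;
    MockToken token;
    address alice = address(0xA11CE);
    function setUp() public {
        faucet = new FixedFaucet();
        token = new MockToken(address(faucet), 1_000 ether);
        faucet.setMaxClaimable(address(token), 100 ether);
    }
    function testClaimsCappedAtMax() public {
        vm.startPrank(alice);
        vm.expectRevert(bytes("amount>max"));
        faucet.claimTokens(address(token), 101 ether); // single claim above the cap is rejected
        faucet.claimTokens(address(token), 60 ether);  // 60 <= 100, accepted
        faucet.claimTokens(address(token), 40 ether);  // 100 <= 100, accepted
        vm.expectRevert(bytes("amount>max"));
        faucet.claimTokens(address(token), 1);         // 100 + 1 > 100, rejected
        vm.stopPrank();
        assertEq(token.balanceOf(alice), 100 ether);
        assertEq(faucet.claimedTokens(address(token), alice), 100 ether);
    }
}
```

Run with `forge test` in a project that has forge-std installed; the same test fails against the original function because neither revert occurs.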

WangSecurity commented 1 month ago

Will be invalidated based on the comment https://github.com/sherlock-audit/2024-06-union-finance-update-2-judging/issues/96#issuecomment-2274992333