search

tokamak-network / gem-nft-contract

Project Opal contract repository
MIT License
1 stars 1 forks source link

[Code review: Contract Bugs]: Recommend to claim with TON #33

Open Zena-park opened 1 day ago

Zena-park commented 1 day ago

Describe the bug

Users will receive WTON via the claim function. From a customer's perspective, it would be better to receive it in TON.

https://github.com/tokamak-network/gem-nft-contract/blob/b31e833a38901bee6287b869d34c523bfe13dea2/src/L1/L1WrappedStakedTON.sol#L182-L184

Impact

After claiming, users must swap WTON back to TON.

From a customer's perspective, it is very inconvenient and requires more gas fees.

Exploit Scenario

No response

Recommendation

require(IDepositManager(depositManager).processRequest(layer2Address, true));

IERC20(ton).safeTransfer(_to, amount/1e9);
mehdi-defiesta commented 19 hours ago

Thanks @Zena-park . Isn't there a risk that the contract does not hold enough TON to transfer ? Initially, when I designed the contract, I intended to allow only WTON deposit to ensure the contract's solvency at any point.

Zena-park commented 10 hours ago

IDepositManager(depositManager).processRequest(layer2Address, true) If the second parameter of the above function is true, you will receive it as TON. Therefore, since the TON received by unstaking is delivered as is, it is a logic that cannot be insufficient of TON.