Code4rena: CODE423N4:2021-05-FAIRSIDE-FINDINGS-ISSUES-72
May 27, 2021 - 12:00 a.m.

pendingWithdrawals not decreased after a withdraw


Handle

shw

Vulnerability details

Impact

The variable pendingWithdrawals in the contract Withdrawable is not decreased after the function withdraw is called, which causes the function getReserveBalance to return a value lower than it should. This bug could cause incorrect results in several critical functions related to FSD token pricing, including getFSDPrice, purchaseMembership, getMaximumBenefitPerUser, mint, and burn in the FSDNetwork and FSD contracts.

Proof of Concept

Referenced code:
Withdrawable.sol#L14-L19
Withdrawable.sol#L26-L28

Affected functions:
FSD.sol#L85
FSD.sol#L100
FSDNetwork.sol#L136
FSDNetwork.sol#L361
FSDNetwork.sol#L369

Recommended Mitigation Steps

Add pendingWithdrawals = pendingWithdrawals.sub(reserveAmount); after line 17 in the contract Withdrawable.
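
The accounting drift and the recommended fix side by side, as an added example that is not FairSide's Withdrawable.sol. It assumes the reserve is computed as the contract's ETH balance minus pendingWithdrawals; availableWithdrawal, creditWithdrawal, withdrawBuggy, withdrawFixed and _send are hypothetical names, and the built-in checked arithmetic of Solidity 0.8 stands in for SafeMath's .sub.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited contract. Assumed model: the reserve
// is the contract's ETH balance minus the ETH already owed to users.
contract WithdrawableModel {
    mapping(address => uint256) public availableWithdrawal; // hypothetical name
    uint256 public pendingWithdrawals;

    receive() external payable {}

    // Hypothetical stand-in for whatever credits a user with withdrawable ETH.
    // No access control: this is a model for local testing only.
    function creditWithdrawal(address user, uint256 amount) external {
        availableWithdrawal[user] += amount;
        pendingWithdrawals += amount;
    }

    // Behaviour described in the finding: the payout leaves the balance,
    // but pendingWithdrawals keeps counting it.
    function withdrawBuggy() external {
        uint256 reserveAmount = availableWithdrawal[msg.sender];
        require(reserveAmount > 0, "nothing to withdraw");
        delete availableWithdrawal[msg.sender];
        _send(reserveAmount);
    }

    // With the recommended mitigation applied before the transfer.
    function withdrawFixed() external {
        uint256 reserveAmount = availableWithdrawal[msg.sender];
        require(reserveAmount > 0, "nothing to withdraw");
        delete availableWithdrawal[msg.sender];
        pendingWithdrawals -= reserveAmount; // checked subtraction, like .sub
        _send(reserveAmount);
    }

    // Understated by every amount paid out through withdrawBuggy; reverts
    // once pendingWithdrawals exceeds the remaining balance.
    function getReserveBalance() public view returns (uint256) {
        return address(this).balance - pendingWithdrawals;
    }

    function _send(uint256 amount) private {
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

With 10 ETH held and 4 ETH credited to a user, getReserveBalance reads 6 ETH; after withdrawBuggy it reads 2 ETH, while after withdrawFixed it still reads 6 ETH. A regression test can assert that pendingWithdrawals always equals the sum of all availableWithdrawal entries.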

