code423n4 Code4rena CODE423N4:2021-11-STREAMING-FINDINGS-ISSUES-212
Dec 07, 2021 - 12:00 a.m.

Recover tokens function will become unusable with reward tokens if they are withdrawn first.


Handle

pedroais

Vulnerability details

Impact

The recoverTokens function will become unusable with reward tokens if they are withdrawn first.

Proof of Concept

With reward tokens, excess is defined as balance - (rewardTokenAmount + rewardTokenFeeAmount):
<https://github.com/code-423n4/2021-11-streaming/blob/5a87fce1190e0da1cf881919ded3573ca9ec4b08/Streaming/src/Locke.sol#L672>

The variable rewardTokenAmount never gets updated when rewards are withdrawn, so after a withdrawal the balance will decrease while rewardTokenAmount is still the same. As a result, the function will revert and the excess tokens will be lost.

Tools Used

Manual

Recommended Mitigation Steps

Add a variable for redeemed reward tokens (redeemedRewards) and define excess as balance - (rewardTokenAmount + rewardTokenFeeAmount - redeemedRewards)
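
The accounting described above, as an added Python model that is not code from Locke.sol or from the report: it compares the original excess formula with the recommended one. The class, method names and token amounts are constructed for illustration, and the model assumes checked uint256 arithmetic (Solidity 0.8+ behaviour), which is what turns the underflow into a revert.

```python
class Revert(Exception):
    """Stands in for a Solidity 0.8+ checked-arithmetic revert."""


def checked_sub(a: int, b: int) -> int:
    # uint256 subtraction that reverts on underflow instead of wrapping.
    if b > a:
        raise Revert("arithmetic underflow")
    return a - b


class StreamModel:
    """Constructed model of the reward-token bookkeeping only; not Locke.sol."""

    def __init__(self, reward_amount: int, fee_amount: int, track_redeemed: bool):
        self.rewardTokenAmount = reward_amount
        self.rewardTokenFeeAmount = fee_amount
        self.redeemedRewards = 0              # only maintained by the mitigation
        self.track_redeemed = track_redeemed
        self.balance = reward_amount + fee_amount  # reward tokens the contract holds

    def receive_stray(self, amount: int) -> None:
        self.balance += amount                # tokens sent to the contract by mistake

    def withdraw_rewards(self, amount: int) -> None:
        self.balance = checked_sub(self.balance, amount)
        if self.track_redeemed:
            self.redeemedRewards += amount    # the original never records this

    def recover_tokens(self) -> int:
        reserved = self.rewardTokenAmount + self.rewardTokenFeeAmount
        if self.track_redeemed:
            reserved = checked_sub(reserved, self.redeemedRewards)
        excess = checked_sub(self.balance, reserved)  # reverts if balance < reserved
        self.balance -= excess
        return excess


def scenario(track_redeemed: bool):
    """Constructed numbers: 1000 rewards, 10 fee, 50 stray tokens, 400 withdrawn."""
    s = StreamModel(1000, 10, track_redeemed)
    s.receive_stray(50)
    s.withdraw_rewards(400)
    try:
        return s.recover_tokens()
    except Revert:
        return None                           # recovery blocked, 50 tokens stuck


if __name__ == "__main__":
    print("original formula:", scenario(False))
    print("with redeemedRewards:", scenario(True))
```

A regression test for the fix should run recovery after a partial reward withdrawal, since recovery before any withdrawal succeeds under both formulas.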

