Code4rena: 2022-10-paladin-findings, issue #283
Upgraded Q -> M from #43 [1668210521611]

Nov 11, 2022
Source: Code4rena (github.com)
Tags: trust assumption, erc20 tokens, contract vulnerability

Judge has assessed an item in Issue #43 as M risk. The relevant finding follows:

Q-02 - Huge trust assumption in recoverErc20()
<https://github.com/code-423n4/2022-10-paladin/blob/d6d0c0e57ad80f15e9691086c9c7270d4ccfe0e6/contracts/WardenPledge.sol#L653-L661>

Reward tokens are transferred into this contract when a pledge is created. The comment notes "Recovers ERC2O tokens sent by mistake to the contract", but this function can also be used by the owner to draw and drain all tokens that are deposited by pledge creators.

The cons of this function far outweigh the benefit, hence I recommend removing this function.
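To make the trust assumption concrete, here is a constructed Solidity illustration (added here, not the Paladin contract and not the warden's code): the first contract shows the sweep-everything pattern the finding describes, the second shows the alternative mitigation of tracking pledged reward balances so only the surplus can be recovered. Contract names, `pledgedBalance` and `createPledge` are assumptions; the imports assume OpenZeppelin 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

/// Constructed example of the pattern in the finding: the owner can move the
/// contract's entire token balance, which includes reward tokens deposited by
/// pledge creators, not only tokens "sent by mistake".
contract PledgeVaultUnsafe is Ownable {
    using SafeERC20 for IERC20;

    function recoverERC20(address token) external onlyOwner {
        uint256 amount = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransfer(owner(), amount);
    }
}

/// Constructed mitigation (the finding itself recommends removing the function):
/// the contract keeps per-token accounting of what pledge creators deposited, and
/// recovery is limited to the surplus above that figure.
contract PledgeVaultGuarded is Ownable {
    using SafeERC20 for IERC20;

    /// Reward tokens still owed to pledges, per token (assumed bookkeeping; the
    /// reward-distribution path would decrement this as rewards are paid out).
    mapping(address => uint256) public pledgedBalance;

    error NothingToRecover();

    function createPledge(address token, uint256 amount) external {
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        pledgedBalance[token] += amount;
    }

    /// Only tokens that are not backing any pledge can be recovered. A token
    /// whose whole balance is pledged yields NothingToRecover, so the owner
    /// cannot drain depositors even though the function remains owner-only.
    function recoverERC20(address token) external onlyOwner {
        uint256 balance = IERC20(token).balanceOf(address(this));
        uint256 owed = pledgedBalance[token];
        if (balance <= owed) revert NothingToRecover();
        IERC20(token).safeTransfer(owner(), balance - owed);
    }
}
```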
