Lines of code
<https://github.com/code-423n4/2023-01-popcorn/blob/d95fc31449c260901811196d617366d6352258cd/src/vault/VaultController.sol#L457>
<https://github.com/code-423n4/2023-01-popcorn/blob/d95fc31449c260901811196d617366d6352258cd/src/vault/VaultController.sol#L526>
The vulnerability in the MultiRewardStaking and VaultController contracts lies in the usage of the transfer and transferFrom functions, which does not provide the safety checks for the transfer of tokens, especially since the reward token can have arbitrary implementation. If the recipient contract does not have a function to handle the incoming tokens, it can result in the loss of tokens.
_rewardTokens[i].transfer(user, rewardAmount);
IERC20(rewardsToken).transferFrom(msg.sender, address(adminProxy), amount);
rewardTokens[i].transferFrom(msg.sender, address(this), amounts[i]);
Manual analysis
The recommended solution is to use the safeTransfer and safeTransferFrom functions from OpenZeppelinβs contracts library, which provide the necessary safety checks to ensure the transfer of tokens is successful and secure.
The text was updated successfully, but these errors were encountered:
All reactions