Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-08-ARBITRUM-FINDINGS-ISSUES-277
HistoryAug 10, 2023 - 12:00 a.m.

Claim reward can be inaccessible if msg.sender is a smart contract with no fallback/receive function

2023-08-1000:00:00
Code4rena
github.com
4
claim reward
inaccessible
smart contract
fallback function
mitigation
eth-transfer
JSON

Lines of code

Vulnerability details

Impact

When calling claim() on LendingLedger, the claim reward can be inaccessible if msg.sender is a smart contract with no fallback/receive function. Indeed, msg.sender.call{value: cantoToSend}(“”) would fail and the claim would revert, not allowing the user to recover his claimable rewards.

Tools Used

None.

Recommended Mitigation Steps

Add a mapping address=>address delegateRewards and associated external function to allow a smart contract account to delegate its reward to another address which could recover its attributed rewards.

Assessed type

ETH-Transfer

The text was updated successfully, but these errors were encountered:

All reactions

JSON