Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios.
```solidity
// Sum up total amount of each token to withdraw.
uint256[] memory withdrawAmounts = new uint256[](withdrawTokens.length);
{
    IERC20 prevToken;
    for (uint256 i; i < withdrawTokens.length; ++i) {
        // Check if order of tokens to transfer is valid.
        // Prevent null and duplicate transfers.
        if (prevToken >= withdrawTokens[i]) revert InvalidTokenOrderError();
        ...
    }
}
```
Specific Concerns:

- Selective High-Value Withdrawals: Users can exploit the function to repeatedly withdraw only high-value tokens, which could lead to unfair distribution.
- Single-Token Scenario Failure: In cases where only one type of reward token is present, the function's validation logic (`if (prevToken >= withdrawTokens[i])`) incorrectly prevents successful execution.
manual
- Implement a mechanism to ensure fair and equitable withdrawal of tokens, possibly by randomizing the order or enforcing a proportional withdrawal across all token types.
- Adjust the validation logic to accommodate scenarios with a single token type. This could involve modifying or bypassing the order check when only one token type is present.
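One way to implement both recommendations, as an added example that is not the audited project's code: the order check gives a one-element array its own explicit path (only the zero-address test, no comparison against an uninitialised `prevToken`), and withdrawal pays the caller's pro-rata share of every tracked reward token in a single call, so a caller cannot pick out only the high-value tokens. The `IERC20` interface, the error names other than `InvalidTokenOrderError`, the `RewardVault` contract and its simplified share accounting are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example. Interface, error names (except InvalidTokenOrderError),
// contract and storage layout are assumptions, not the audited project's code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

error InvalidTokenOrderError();
error ZeroTokenError();
error NoTokensError();
error NoSharesError();

contract RewardVault {
    IERC20 public immutable stakingToken;
    // Every reward token the vault distributes, in strictly ascending address order.
    IERC20[] public rewardTokens;
    mapping(address => uint256) public shares;
    uint256 public totalShares;

    constructor(IERC20 _stakingToken, IERC20[] memory tokens) {
        _validateTokenOrder(tokens);
        stakingToken = _stakingToken;
        rewardTokens = tokens;
    }

    /// @dev Non-empty, no zero address, no duplicates, strictly ascending.
    ///      Index 0 is checked on its own, so a single-token array passes with only
    ///      the zero-address test and never compares against a predecessor.
    function _validateTokenOrder(IERC20[] memory tokens) internal pure {
        uint256 n = tokens.length;
        if (n == 0) revert NoTokensError();
        if (address(tokens[0]) == address(0)) revert ZeroTokenError();
        for (uint256 i = 1; i < n; ++i) {
            address cur = address(tokens[i]);
            if (cur == address(0)) revert ZeroTokenError();
            // "<=" rejects both duplicates (equal) and unsorted input (smaller).
            if (cur <= address(tokens[i - 1])) revert InvalidTokenOrderError();
        }
    }

    /// @notice Simplified share accounting: 1 staked unit = 1 share.
    function deposit(uint256 amount) external {
        require(stakingToken.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        shares[msg.sender] += amount;
        totalShares += amount;
    }

    /// @notice Pays the caller's pro-rata share of EVERY reward token at once.
    ///         The caller supplies no token list, so there is nothing to cherry-pick.
    function withdrawAll(address to) external {
        uint256 userShares = shares[msg.sender];
        if (userShares == 0) revert NoSharesError();
        uint256 supply = totalShares;

        // Effects before interactions: burn shares before any external call.
        shares[msg.sender] = 0;
        totalShares = supply - userShares;

        uint256 n = rewardTokens.length;
        for (uint256 i; i < n; ++i) {
            IERC20 token = rewardTokens[i];
            uint256 amount = (token.balanceOf(address(this)) * userShares) / supply;
            if (amount != 0) {
                // Assumes a standard ERC-20 that returns a bool; wrap with SafeERC20 for tokens that do not.
                require(token.transfer(to, amount), "transfer failed");
            }
        }
        require(stakingToken.transfer(to, userShares), "transfer failed");
    }
}
```

The distribution here is proportional by construction: the amount of each reward token is computed from the same `userShares / supply` ratio, and the loop runs over the vault's own `rewardTokens` array rather than a caller-chosen subset. If a caller-supplied list must be kept for gas reasons, `_validateTokenOrder` can be applied to it unchanged, and the contract should additionally require that the list covers every token it tracks.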
Token-Transfer