missing !claimed check in NATIVE claimWithdrawal() function
#19
Comments
Agreed, it should be checked but it won't lead to any vulnerability as When the user claims his withdrawal, the Would leave on sponsor to decide its validity, imo it should be informational. |
Hey Rizwan, thanks for your comment. I double-checked it: this will not cause loss of funds, however I think it should be at least Low severity because of the terms of the Hats Platform: "Issues where the behavior of the contracts differs from the intended behavior (as described in the docs and by common sense), but no funds are at risk."

function claimWithdrawal(uint256 withdrawalId, address receiver) public virtual nonReentrant {
require(ownerOf(withdrawalId) == msg.sender, "NotOwner");
WithdrawalRequest storage request = _withdrawalRequests[withdrawalId];
require(request.processed, "NotProcessedYet");
require(!request.claimed, "AlreadyClaimed");
_burn(withdrawalId);
request.claimed = true;
totalUnclaimedWithdrawals = totalUnclaimedWithdrawals-request.amount;
baseToken.safeTransfer(receiver, request.amount);
emit ClaimWithdrawal(address(msg.sender), receiver, request.amount, withdrawalId);
}

As you see, the check is being made in L2170 but not in the NATIVE one.

Fix of the issue in Native claim:

function claimWithdrawal(uint256 withdrawalId, address receiver) public virtual nonReentrant {
require(ownerOf(withdrawalId) == msg.sender, "NotOwner");
WithdrawalRequest storage request = _withdrawalRequests[withdrawalId];
require(request.processed, "NotProcessedYet");
+ require(!request.claimed, "AlreadyClaimed");
_burn(withdrawalId);
request.claimed = true;
totalUnclaimedWithdrawals = totalUnclaimedWithdrawals-request.amount;
SafeTransferLib.safeTransferETH(receiver, request.amount);
emit ClaimWithdrawal(address(msg.sender), receiver, request.amount, withdrawalId);
}

Thanks |
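Review bot: the added require(!request.claimed, "AlreadyClaimed") sits after the ownerOf(withdrawalId) == msg.sender check and ahead of _burn(withdrawalId), so, assuming _burn clears ownership as in standard ERC-721, a repeated call for an id that was already claimed stops at the ownership check and never reaches the new line. If the check is kept as defense in depth, add a comment saying that it does not rely on the burn, and apply the same decision to both the native and the ERC20 claimWithdrawal so the two paths differ only in the transfer call.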
That was removed after their first audit since it has no actual value, just an unnecessary double check - AccumulatedFinance/contracts-v2@9fae5f3 |
Thanks for sharing. |
Yes, this was removed in the commit, I just saw it today, but then it should be deleted from this function also, so I believe it's at least low. Let's see the sponsors' point of view. Removing this and not removing another one doesn't make any sense at all.

ERC20 claim, which has this:

function claimWithdrawal(uint256 withdrawalId, address receiver) public virtual nonReentrant {
require(ownerOf(withdrawalId) == msg.sender, "NotOwner");
WithdrawalRequest storage request = _withdrawalRequests[withdrawalId];
require(request.processed, "NotProcessedYet");
require(!request.claimed, "AlreadyClaimed");
_burn(withdrawalId);
request.claimed = true;
totalUnclaimedWithdrawals = totalUnclaimedWithdrawals-request.amount;
baseToken.safeTransfer(receiver, request.amount);
emit ClaimWithdrawal(address(msg.sender), receiver, request.amount, withdrawalId);
}

What's your opinion, @ilzheev? |
Yes, it's a redundant check in ERC20Minter. |
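The quoted claimWithdrawal() flow as a small Python state model, added here as an illustration and not taken from the project's code, showing which require stops a repeated claim with and without the !request.claimed check. The names WithdrawalModel, double_claim, burn_on_claim and the "NonexistentToken" revert string are hypothetical, and the model assumes ownerOf reverts for a burned token.

```python
class Revert(Exception):
    """Stands in for a Solidity revert."""

class WithdrawalModel:
    """Constructed model of the quoted claimWithdrawal(); not the project's code."""

    def __init__(self, check_claimed, burn_on_claim=True):
        self.check_claimed = check_claimed    # the disputed require(!request.claimed)
        self.burn_on_claim = burn_on_claim    # False = hypothetical variant without _burn
        self.owners = {}                      # withdrawalId -> owner of the withdrawal NFT
        self.requests = {}                    # withdrawalId -> request fields
        self.paid = {}                        # receiver -> total paid out

    def add_processed_request(self, wid, owner, amount):
        self.owners[wid] = owner
        self.requests[wid] = {"amount": amount, "processed": True, "claimed": False}

    def owner_of(self, wid):
        # Assumption: ownerOf reverts for a burned token, as common ERC-721 bases do.
        if wid not in self.owners:
            raise Revert("NonexistentToken")
        return self.owners[wid]

    def claim_withdrawal(self, sender, wid, receiver):
        if self.owner_of(wid) != sender:
            raise Revert("NotOwner")
        request = self.requests[wid]
        if not request["processed"]:
            raise Revert("NotProcessedYet")
        if self.check_claimed and request["claimed"]:
            raise Revert("AlreadyClaimed")
        if self.burn_on_claim:
            del self.owners[wid]              # _burn(withdrawalId)
        request["claimed"] = True
        # totalUnclaimedWithdrawals accounting is left out of this model.
        self.paid[receiver] = self.paid.get(receiver, 0) + request["amount"]

def double_claim(check_claimed, burn_on_claim=True):
    """Claim the same id twice; return (second call's outcome, total paid)."""
    m = WithdrawalModel(check_claimed, burn_on_claim)
    m.add_processed_request(1, "alice", 100)   # constructed sample request
    m.claim_withdrawal("alice", 1, "alice")
    try:
        m.claim_withdrawal("alice", 1, "alice")
        outcome = "paid again"
    except Revert as err:
        outcome = str(err)
    return outcome, m.paid["alice"]
```

With the burn in place the second call fails at the ownership lookup whether or not the claimed check exists; only in the hypothetical variant without the burn does the claimed flag decide the outcome.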
Github username: --
Twitter username: --
Submission hash (on-chain): 0xabd55c24fa6ef983a1bb8b977bcaea6590d1546788a87a48102e26a0cc1d3095
Severity: high
Description:
In the contract minter.sol, in contract NativeMinterWithdrawal and claimwithdrawal (L2126), which is going to claim the withdrawals with native token, sets the status to claimed but doesn't check that, doesn't actually require that the status should be !Claimed, like in the L2170 claimWithdrawal erc20, which DOES check that it should not be claimed, but the native one doesn't.

erc20 one:
require(!request.claimed, "AlreadyClaimed");

As you see, it's fixed in the erc20 one, but in the native one the issue STILL REMAINS.
Recommendation