Platform: Code4rena
Start Date: 29/03/2022
Pot Size: $50,000 USDC
Total HM: 16
Participants: 42
Period: 5 days
Judge: 0xean
Total Solo HM: 9
Id: 105
League: ETH
Rank: 20/42
Findings: 1
Award: $560.49
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0xDjango, csanuragjain
560.4852 USDC - $560.49
https://github.com/code-423n4/2022-03-paladin/blob/main/contracts/HolyPaladinToken.sol#L876
Any transfer will lead to updation of cooldown period for the recipient. This can become a problem if recipient wished to withdraw some amount using unstake.
#0 - Kogaroshi
2022-04-02T17:10:45Z
Duplicate : https://github.com/code-423n4/2022-03-paladin-findings/issues/38
Copy of the answer: This behavior is wanted in the token design. Any implementation of a acceptTransfer() or any similar design will remove the ability of the hPAL token to be compatible with the ERC20 design, which is not something desired for that token.
And as shown in the example, to effectively have an impact on the cooldown of another user through a transfer, it would require an important amount of token (100% of the balance to push back to 5 days out of 10 days cooldown if the target cooldown is about to be reached), which is the desired logic to reduce this kind of scenario
(for a live example, this system is taken from the stkAave system, where that type of scenario is rarely seen)
#1 - 0xean
2022-04-11T12:37:22Z
duplicate of #69