Platform: Code4rena
Start Date: 07/03/2024
Pot Size: $63,000 USDC
Total HM: 20
Participants: 36
Period: 5 days
Judge: cccz
Total Solo HM: 11
Id: 349
League: BLAST
Rank: 36/36
Findings: 1
Award: $15.33
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ether_sky
Also found by: 0x11singh99, 0xE1, 0xJaeger, Bauchibred, Bigsam, Bozho, Breeje, DarkTower, HChang26, SpicyMeatball, Trust, ZanyBonzy, albahaca, bareli, blutorque, grearlake, hals, hassan-truscova, hihen, oualidpro, pfapostol, ravikiranweb3, slvDev, zhaojie
15.328 USDC - $15.33
recover() enables the owner to withdraw the contract's token balance to an address of their discretion.
This creates the risk that the owner withdraws tokens that users have deposited into the contract. Exercising this power is entirely at the owner's discretion, which amounts to a rug-pull capability.
    function recover(address tokenAddress, uint256 tokenAmount) external onlyOwner {
        // In case it's the staking token, allow to skim the excess
        if (tokenAddress == stakingToken && tokenAmount > stakingToken.balanceOf(address(this)) - stakingTokenBalance) {
            revert ErrSkimmingTooMuch();
        }
        tokenAddress.safeTransfer(owner, tokenAmount);
        emit LogRecovered(tokenAddress, tokenAmount);
    }
Manual Review
If the purpose of this function is to skim the excess, don't take the token amount as a parameter; instead, compute the excess on-chain and allow the owner to skim and withdraw only that amount.
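As an added illustration of the recommended mitigation (example code written for this note, not the audited contract), a minimal staking contract whose recover() derives the skimmable excess from its own accounting instead of trusting a caller-supplied amount; the OpenZeppelin v5 imports and the stake/withdraw bookkeeping are assumptions, and reward tokens are deliberately out of scope:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Assumes OpenZeppelin v5 (Ownable takes the initial owner in its constructor).
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Illustrative staking vault (not the audited contract). stakingTokenBalance
/// tracks what stakers own, so recover() can derive the skimmable excess itself.
contract SkimOnlyExcess is Ownable {
    using SafeERC20 for IERC20;
    IERC20 public immutable stakingToken;
    uint256 public stakingTokenBalance;           // sum of all staker deposits
    mapping(address => uint256) public balanceOf; // per-staker deposits
    error ErrNothingToSkim();
    error ErrNotSkimmable(address token);
    event LogRecovered(address indexed token, uint256 amount);
    constructor(IERC20 _stakingToken) Ownable(msg.sender) {
        stakingToken = _stakingToken;
    }
    function stake(uint256 amount) external {
        balanceOf[msg.sender] += amount;
        stakingTokenBalance += amount;
        stakingToken.safeTransferFrom(msg.sender, address(this), amount);
    }
    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow (0.8 checked math)
        stakingTokenBalance -= amount;
        stakingToken.safeTransfer(msg.sender, amount);
    }

    /// Staking tokens held by the contract that belong to no staker (e.g. sent
    /// directly by mistake). Only this amount can ever leave through recover().
    function skimmableExcess() public view returns (uint256) {
        return stakingToken.balanceOf(address(this)) - stakingTokenBalance;
    }

    /// No amount parameter: the contract computes the excess, so staker deposits
    /// are unreachable by the owner. Other tokens are rejected in this example.
    function recover(address tokenAddress) external onlyOwner {
        if (tokenAddress != address(stakingToken)) revert ErrNotSkimmable(tokenAddress);
        uint256 excess = skimmableExcess();
        if (excess == 0) revert ErrNothingToSkim();
        stakingToken.safeTransfer(owner(), excess);
        emit LogRecovered(tokenAddress, excess);
    }
}
```

The invariant to check in tests is that stakingToken.balanceOf(address(this)) never drops below stakingTokenBalance after any recover() call, regardless of what the owner does.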
Rug-Pull
#0 - c4-pre-sort
2024-03-15T12:29:27Z
141345 marked the issue as duplicate of #60
#1 - c4-judge
2024-03-29T15:56:49Z
thereksfour changed the severity to QA (Quality Assurance)