StakingRewards: recoverERC20 should be able to withdraw excess stakingTokens #55
Labels
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- bug: Something isn't working
- invalid: This doesn't seem right
- sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
- unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2022-09-y2k-finance/blob/ac3e86f07bc2f1f51148d2265cc897e8b494adf7/src/rewards/StakingRewards.sol#L213-L223
Vulnerability details
Impact
The recoverERC20 function of the StakingRewards contract cannot withdraw stakingTokens. However, since the stakingTokens deposited by users are already recorded in the _totalSupply variable, recoverERC20 should be able to withdraw stakingTokens in excess of _totalSupply, for example if a user mistakenly transfers stakingTokens to the contract or a reward includes the stakingToken.
Proof of Concept
https://github.com/code-423n4/2022-09-y2k-finance/blob/ac3e86f07bc2f1f51148d2265cc897e8b494adf7/src/rewards/StakingRewards.sol#L213-L223
Tools Used
None
Recommended Mitigation Steps
Change to
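The following is an added illustration of the pattern the finding describes and of the mitigation shape it argues for; it is example code, not the y2k-finance StakingRewards contract, and not the code the submitter elided above. The contract name, the owner modifier, the `recoverERC20Original` / `recoverERC20` split and the `recoverableStakingToken` helper are all assumptions made for the illustration. `recoverERC20Original` shows the unconditional refusal of the staking token; `recoverERC20` instead allows only the surplus above `_totalSupply`, which is the portion not owed to any staker.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical contract), not the audited project's code.
// Minimal ERC20 surface needed for the illustration.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract StakingRewardsExample {
    IERC20 public immutable stakingToken;
    IERC20 public immutable rewardsToken;
    address public owner;

    uint256 private _totalSupply;                 // sum of all tracked stakes
    mapping(address => uint256) private _balances;

    event Recovered(address token, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(IERC20 _stakingToken, IERC20 _rewardsToken) {
        stakingToken = _stakingToken;
        rewardsToken = _rewardsToken;
        owner = msg.sender;
    }

    function totalSupply() external view returns (uint256) { return _totalSupply; }
    function balanceOf(address a) external view returns (uint256) { return _balances[a]; }

    // Every stake is accounted for in _totalSupply before the tokens arrive.
    function stake(uint256 amount) external {
        require(amount > 0, "cannot stake 0");
        _totalSupply += amount;
        _balances[msg.sender] += amount;
        require(stakingToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    function withdraw(uint256 amount) external {
        require(amount > 0, "cannot withdraw 0");
        _balances[msg.sender] -= amount;   // reverts on underflow in 0.8
        _totalSupply -= amount;
        require(stakingToken.transfer(msg.sender, amount), "transfer failed");
    }

    // Pattern the finding criticises: the staking token is refused outright,
    // so any stakingToken that reaches the contract outside stake() is stuck.
    function recoverERC20Original(address tokenAddress, uint256 tokenAmount) external onlyOwner {
        require(tokenAddress != address(stakingToken), "Cannot withdraw the staking token");
        require(IERC20(tokenAddress).transfer(owner, tokenAmount), "transfer failed");
        emit Recovered(tokenAddress, tokenAmount);
    }

    // Shape the finding argues for: only the surplus above _totalSupply may leave,
    // so every staker's balance remains fully backed after the call.
    function recoverERC20(address tokenAddress, uint256 tokenAmount) external onlyOwner {
        if (tokenAddress == address(stakingToken)) {
            // Checked subtraction: reverts if the contract somehow holds less than it owes.
            uint256 excess = stakingToken.balanceOf(address(this)) - _totalSupply;
            require(tokenAmount <= excess, "Cannot withdraw staked tokens");
        }
        require(IERC20(tokenAddress).transfer(owner, tokenAmount), "transfer failed");
        emit Recovered(tokenAddress, tokenAmount);
    }

    // How much stakingToken is recoverable right now (0 if balance <= _totalSupply).
    function recoverableStakingToken() external view returns (uint256) {
        uint256 bal = stakingToken.balanceOf(address(this));
        return bal > _totalSupply ? bal - _totalSupply : 0;
    }
}
```

The check relies on the invariant that `balanceOf(this) >= _totalSupply` and that the difference is exactly the untracked surplus. That holds for plain ERC20s, but not for fee-on-transfer tokens (the contract receives less than `_totalSupply` records, and the checked subtraction reverts) or for rebasing tokens (balance growth that belongs to stakers would show up as "excess"). Whether the staking token in a given deployment has either property is a question to settle before adopting the surplus-based rule.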