You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In NFTXLPStaking.sol, deposit(), exit(), withdraw(), claimRewards() and other related functions that take a vaultID as parameter perform a pool existence check on the staking pool associated with that vaultID. However, balanceOf is missing a similar pool check.
This may result in returning an invalid balance of a non-existing or stale pool.
Handle
0xRajeev
Vulnerability details
Impact
In NFTXLPStaking.sol, deposit(), exit(), withdraw(), claimRewards() and other related functions that take a vaultID as parameter perform a pool existence check on the staking pool associated with that vaultID. However, balanceOf is missing a similar pool check.
This may result in returning an invalid balance of a non-existing or stale pool.
Proof of Concept
Missing check: https://github.com/code-423n4/2021-05-nftx/blob/f6d793c136d110774de259d9f3b25d003c4f8098/nftx-protocol-v2/contracts/solidity/NFTXLPStaking.sol#L168-L172
Checks: https://github.com/code-423n4/2021-05-nftx/blob/f6d793c136d110774de259d9f3b25d003c4f8098/nftx-protocol-v2/contracts/solidity/NFTXLPStaking.sol#L117
https://github.com/code-423n4/2021-05-nftx/blob/f6d793c136d110774de259d9f3b25d003c4f8098/nftx-protocol-v2/contracts/solidity/NFTXLPStaking.sol#L144
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add check require(pool.stakingToken != address(0), "LPStaking: Nonexistent pool”); before L170.
The text was updated successfully, but these errors were encountered: