Wrong implementation of function addVoteEscrow() in RewardDistributor.sol #567
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate: This issue or pull request already exists
old-submission-method
Lines of code
https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/rewards/RewardDistributor.sol#L298-L305
Vulnerability details
Impact
ve is always address(0)
Proof of concept
There is no initial setup for the ve variable in contract RewardDistributor. So if we want to set the ve variable, we will need to call function addVoteEscrow().
Function addVoteEscrow() will check whether address(ve) == address(0) or not. Because there is no initialization for ve, it will set ve = VE(pendingVoteEscrow). But at this time, pendingVoteEscrow is address(0) too.
==> ve == address(0) forever
Tools Used
Manual review
Recommended Mitigation Steps
change function to
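The following Solidity sketch is an added example, not the project's contract and not the reporter's recommended change. It models the behaviour described in the proof of concept next to one possible correction; the contract names, the `owner` check, the empty `VE` interface and the `else` branch are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

// Hypothetical stand-in for the vote-escrow contract type.
interface VE {}

// Models the logic described in the report (names are assumptions).
contract DistributorAsDescribed {
    address public immutable owner = msg.sender;
    VE public ve;                     // never initialised: address(0)
    address public pendingVoteEscrow; // also address(0) at deployment

    function addVoteEscrow(address _voteEscrow) external {
        require(msg.sender == owner, "not owner");
        if (address(ve) == address(0)) {
            // Copies the still-empty pending slot and ignores the
            // argument, so ve stays address(0) and this branch is
            // taken again on every later call.
            ve = VE(pendingVoteEscrow);
        } else {
            // Assumed update path; unreachable while ve is zero.
            pendingVoteEscrow = _voteEscrow;
        }
    }
}

// One possible correction (assumption): the first call installs the
// supplied address directly, and a zero address is rejected.
contract DistributorHardened {
    address public immutable owner = msg.sender;
    VE public ve;
    address public pendingVoteEscrow;

    function addVoteEscrow(address _voteEscrow) external {
        require(msg.sender == owner, "not owner");
        require(_voteEscrow != address(0), "zero address");
        if (address(ve) == address(0)) {
            ve = VE(_voteEscrow);
        } else {
            // Assumed update path for later changes.
            pendingVoteEscrow = _voteEscrow;
        }
    }
}
```

Calling `addVoteEscrow` on the first contract any number of times leaves `ve()` returning the zero address, while a single call on the second sets it to the supplied address.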