Omniscia Alliance Block Audit
CompoundingRewardsPool Manual Review Findings
CRP-01M: Invalid Reward Addition
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Major | CompoundingRewardsPool.sol:L42-L46 |
Description:
The addMoreRewards function can be exploited to overflow the amountTransferred variable, since the transfer it performs is from the contract to itself and therefore succeeds for any value less than or equal to the contract's balance at that point in time.
Example:
contracts/V2/CompoundingRewardsPool.sol (L42-L46):

```solidity
function addMoreRewards(address rewardsToken, uint256 _tokenAmount) public {
    amountTransferred += _tokenAmount;
    IERC20Detailed(rewardsToken).safeTransfer(address(this), _tokenAmount);
    emit AdditioanalRewardsAdded(msg.sender,_tokenAmount);
}
```
Recommendation:
We advise the workflow of the function to be corrected to perform a safeTransferFrom invocation from the msg.sender to the address(this), as currently the funds are transferred from the contract to itself ineffectually.
Alleviation:
The correct reward addition workflow is now applied to the codebase, invoking safeTransferFrom from the msg.sender to the contract.
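The corrected funding path, written out as an added illustration rather than the project's own code: the contract name, the OpenZeppelin SafeERC20 import, the event name and the balance-delta accounting are assumptions. It keeps the original signature and pulls the tokens from msg.sender into the pool, so the counter can only grow by tokens that actually arrived.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed dependency: OpenZeppelin's IERC20 and SafeERC20 wrappers.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative rewards pool (hypothetical name); only the reward-funding
/// path relevant to the finding is shown.
contract RewardsPoolExample {
    using SafeERC20 for IERC20;

    uint256 public amountTransferred;

    // Event name corrected here for illustration; the audited contract's
    // own identifier may differ.
    event AdditionalRewardsAdded(address indexed sender, uint256 amount);

    // Corrected workflow: the caller must have approved this contract for
    // _tokenAmount beforehand. If not, safeTransferFrom reverts and
    // amountTransferred is left untouched, which is the desired behaviour.
    function addMoreRewards(address rewardsToken, uint256 _tokenAmount) public {
        IERC20 token = IERC20(rewardsToken);

        uint256 balanceBefore = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), _tokenAmount);

        // Credit only the net amount received (assumption: the pool should
        // account for tokens that deduct a fee on transfer).
        uint256 received = token.balanceOf(address(this)) - balanceBefore;
        amountTransferred += received;

        emit AdditionalRewardsAdded(msg.sender, received);
    }
}
```

The order matters: the transfer happens before the counter is updated, so a revert (missing approval, insufficient caller balance) cannot leave amountTransferred credited for tokens the pool never received.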