s0x0mtee - Risk of Fund Loss Due to Unexpected Withdrawals #1015
Comments
sherlock-admin3
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
sherlock-admin3
changed the title
s0x0mtee
High
Risk of Fund Loss Due to Unexpected Withdrawals
Summary
In the provided contract, users risk losing funds due to an issue in the
depositfunction where therequirestatement relies on balance checks after transferring tokens. If another user or transaction initiates a withdrawal or reduces the contract’s balance before thebalanceAfteris read, the balance difference may fall below the expectedamount, causing therequirestatement to fail. This failure reverts the transaction and rolls back any state changes within the contract, but does not revert the external token transfer, as it is executed by the externalERC20token contract. As a result, the tokens transferred into the contract duringsafeTransferFromremain locked, leaving the sender unable to recover them unless a specific recovery mechanism exists.https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/Non-Fungible-Receipts/TaxTokensReceipts/TaxTokensReceipt.sol#L59-L89
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response
The text was updated successfully, but these errors were encountered: