Skip to content

Latest commit

 

History

History
46 lines (34 loc) · 2.45 KB

007.md

File metadata and controls

46 lines (34 loc) · 2.45 KB
Raw

Daring Ash Canary

medium

Lack of Explicit Check for Sufficient Balance in claimForWithdrawRequest

Summary

The claimForWithdrawRequest function in the SolverVault contract lacks an explicit check to ensure that the contract has a sufficient balance before attempting to deposit funds to Symmio. While certain conditions indirectly mitigate this risk, there is a need for a direct check to enhance security and prevent potential issues.

Vulnerability Detail

The vulnerability lies in the absence of an explicit check for the contract's overall balance before transferring funds to the receiver in the claimForWithdrawRequest function. While the function does check the withdrawal request's status and adjusts the lockedBalance variable, there is no direct verification of the contract's financial capacity to cover the claimed amount. This could lead to attempted transfers exceeding the available balance, causing the transaction to fail or potentially compromising the contract's integrity.

function claimForWithdrawRequest(uint256 requestId) external whenNotPaused {
    require(
        requestId < withdrawRequests.length,
        "SolverVault: Invalid request ID"
    );

    WithdrawRequest storage request = withdrawRequests[requestId];

    require(
        request.status == RequestStatus.Ready,
        "SolverVault: Request not ready for withdrawal"
    );

    // Balance adjustment
    uint256 amount = (request.amount * request.acceptedRatio) / 1e18;
    lockedBalance -= amount;

    // Potential issue: No explicit check for sufficient balance before transfer
    IERC20(collateralTokenAddress).safeTransfer(request.receiver, amount);
    emit WithdrawClaimedEvent(requestId, request.receiver);
}

Impact

The absence of an explicit balance check before transferring funds in claimForWithdrawRequest may lead to transaction failures and could pose a risk to the contract's functionality, potentially affecting users' ability to claim their funds.

Code Snippet

Link

Tool used

Manual Review

Recommendation

Implement an explicit check for the contract's balance before attempting to transfer funds in the claimForWithdrawRequest function. This check should ensure that the contract has sufficient funds to cover the claimed amount, preventing potential transaction failures and enhancing the overall security of the contract.