If the recipient is added to the USDC blacklist, then claimForWithdrawRequest does not work

Summary

Vulnerability Detail

When claim is called, it sends the USDC to the recipient . Consider a scenario where if the withdarwer intends to call claidoewithdarw() to withdarw the deposit. a malicious recipient can block the address from receiving USDC by adding it to the USDC blacklist (e.g. by doing something malicious with that address, etc.), which prevents the withdarwer from withdrawing future payments

Impact

A malicious recipient may prevent the withdawer from withdrawing future payments

Code Snippet

IERC20(collateralTokenAddress).safeTransfer(request.receiver, amount);

https://github.com/sherlock-audit/2023-12-symm-io/blob/60ee22a4c598220821385cfb5eee43f40aafd5f1/solver-vaults/contracts/SolverVaults.sol#L297C16-L297C38

Tool used

Manual Review

Recommendation

put a check for blacklisted user by USDC

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

214.md

214.md

If the recipient is added to the USDC blacklist, then claimForWithdrawRequest does not work

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

214.md

Latest commit

History

214.md

File metadata and controls

If the recipient is added to the USDC blacklist, then claimForWithdrawRequest does not work

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation