Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible payment token theft - High Severity! #54

Open
olahfemi opened this issue Mar 26, 2023 · 0 comments
Open

Possible payment token theft - High Severity! #54

olahfemi opened this issue Mar 26, 2023 · 0 comments
Assignees
@casweeney @developeruche
Labels
bug Something isn't working

Comments

@olahfemi
Copy link
Collaborator

Description
Payment tokens can be stolen by an address by calling the payFee function when setFee is called again by an address that has the Dto.Roles.PRE_CERTIFICATE_TOKEN_MANAGER role. When setFee is called, an address that has claimed his tokens can call payFee to steal his initial payment. He might fail the first check in SLOC 94 but can pass the second check if the additionalTime has passed and the amount he paid is less than the new cohortFee.

Context
PreCertificateToken.sol SLOC81

Recommendation
We recommend that a check for sd.claimed be included in the second check. We also recommend the refund logic is moved to a separate function to make the logic intuitive for users and other developers and reduce possible errors.
@olahfemi olahfemi added the bug Something isn't working label Mar 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@casweeney casweeney

@developeruche developeruche

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@olahfemi @casweeney @developeruche