bin2chen - If WithdrawAddrEnabled = false, execute_claim() will fail #43
Comments
You've created a valid escalation! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Result:
Escalations have been resolved successfully! Escalation status:
The protocol team fixed this issue in the following PRs/commits:
fix-reviews note:
bin2chen
Medium
If WithdrawAddrEnabled = false, execute_claim() will fail
Summary
Currently, contracts that execute `execute_claim()` set `DistributionMsg::SetWithdrawAddress` first. If `WithdrawAddrEnabled = false`, the execution will not succeed and the `claim` will not be executed.
Vulnerability Detail
Currently the contract claims rewards by setting `DistributionMsg::SetWithdrawAddress` first. If the configuration `WithdrawAddrEnabled` is changed to `false`, setting `DistributionMsg::SetWithdrawAddress` will fail! This will prevent the execution of the `claim`.
https://github.com/cosmos/cosmos-sdk/tree/main/x/distribution#msgsetwithdrawaddress
Impact
can't claim reward
Code Snippet
https://github.com/sherlock-audit/2024-05-andromeda-ado/blob/main/andromeda-core/contracts/finance/andromeda-validator-staking/src/contract.rs#L231
Tool used
Manual Review
Recommendation
When setting `DistributionMsg::SetWithdrawAddress`, use a `SubMsg` with `ReplyOn.Error`, which is ignored when this message returns an error, to avoid the whole `execute_claim` from failing!
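The failure and the recommended fix, as an added Rust model that is neither the Andromeda contract's code nor the cosmwasm_std API. `Chain`, `dispatch`, `reply` and `ClaimRewards` are hypothetical stand-ins for the chain's submessage handling, and the error text is constructed.

```rust
// Simplified model of CosmWasm submessage dispatch; not the cosmwasm_std API.
#[derive(Clone, Copy, PartialEq)]
enum ReplyOn { Never, Error }
#[derive(Clone, Copy)]
enum Msg { SetWithdrawAddress, ClaimRewards } // ClaimRewards: stand-in name
struct SubMsg { msg: Msg, reply_on: ReplyOn }

// Stand-in for the chain: x/distribution rejects SetWithdrawAddress
// while the WithdrawAddrEnabled parameter is false.
struct Chain { withdraw_addr_enabled: bool, rewards_claimed: bool }
impl Chain {
    fn handle(&mut self, msg: Msg) -> Result<(), String> {
        match msg {
            Msg::SetWithdrawAddress if !self.withdraw_addr_enabled =>
                Err("set withdraw address disabled".into()), // constructed error text
            Msg::SetWithdrawAddress => Ok(()),
            Msg::ClaimRewards => { self.rewards_claimed = true; Ok(()) }
        }
    }

    // Runs submessages in order. An error reverts state and aborts the whole
    // execution, unless reply_on is Error and the reply handler returns Ok.
    fn dispatch(&mut self, msgs: &[SubMsg]) -> Result<(), String> {
        let snapshot = self.rewards_claimed;
        for m in msgs {
            if let Err(e) = self.handle(m.msg) {
                if m.reply_on == ReplyOn::Error && reply(&e).is_ok() { continue; }
                self.rewards_claimed = snapshot;
                return Err(e);
            }
        }
        Ok(())
    }
}
// Hypothetical reply handler: swallows the error so the claim can proceed.
fn reply(_err: &str) -> Result<(), String> { Ok(()) }
// Models execute_claim(): SetWithdrawAddress first, then the claim itself.
fn execute_claim(enabled: bool, reply_on: ReplyOn) -> Result<bool, String> {
    let mut chain = Chain { withdraw_addr_enabled: enabled, rewards_claimed: false };
    chain.dispatch(&[
        SubMsg { msg: Msg::SetWithdrawAddress, reply_on },
        SubMsg { msg: Msg::ClaimRewards, reply_on: ReplyOn::Never },
    ])?;
    Ok(chain.rewards_claimed)
}
fn main() {
    println!("reported behaviour: {:?}", execute_claim(false, ReplyOn::Never));
    println!("with reply on error: {:?}", execute_claim(false, ReplyOn::Error));
}
```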