Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CipherHawk - Support role may fail to rescue certain ERC20 tokens #224

Open
sherlock-admin2 opened this issue Nov 13, 2024 · 0 comments
Open

CipherHawk - Support role may fail to rescue certain ERC20 tokens #224

sherlock-admin2 opened this issue Nov 13, 2024 · 0 comments

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Nov 13, 2024
edited by sherlock-admin3
Loading

CipherHawk

High

Support role may fail to rescue certain ERC20 tokens

Summary

https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/Stablecoin.sol#L19
The erc20Rescue function in Stablecoin.sol uses ERC20PermitUpgradeable as the parameter type instead of the more general IERC20. This will prevent rescuing certain ERC20 tokens that do not adhere to the ERC20PermitUpgradeable interface, as the function expects specific functionalities not present in all ERC20 tokens.

Root Cause

In Stablecoin.sol at lines XX-YY, the erc20Rescue function is defined to accept ERC20PermitUpgradeable tokens, restricting its compatibility with standard ERC20 tokens that do not implement the permit extension.

Internal pre-conditions

  1. The contract must attempt to rescue a token that does not implement ERC20PermitUpgradeable.

  2. The SUPPORT_ROLE holder initiates the rescue.

External pre-conditions

  1. Users may send unsupported ERC20 tokens to the contract, necessitating rescue operations.

  2. Third-party ERC20 tokens without permit functionalities are present in the ecosystem.

Attack Path

Attack Path:

  1. A user sends an ERC20 token that does not implement ERC20PermitUpgradeable to the contract.

  2. The SUPPORT_ROLE holder attempts to rescue the token using erc20Rescue, which fails due to type incompatibility.

  3. The token remains locked in the contract, causing operational issues.

Impact

Certain ERC20 tokens cannot be rescued, leading to potential loss of funds for users who mistakenly send unsupported tokens to the contract.

PoC

No response

Mitigation

Use Generic Interfaces: Modify the erc20Rescue function to accept the more general IERC20 interface, increasing compatibility with a wider range of ERC20 tokens.

function erc20Rescue(
IERC20 token,
address destination,
uint256 amount
) external onlyRole(SUPPORT_ROLE) {
token.safeTransfer(destination, amount);
}

Ensure Compatibility: Continue using SafeERC20 to handle various ERC20 implementations safely.

Audit Token Standards: Regularly audit the ERC20 tokens integrated into the ecosystem to ensure compatibility with rescue mechanisms
@sherlock-admin3 sherlock-admin3 changed the title Handsome Sandstone Cottonmouth - Support role may fail to rescue certain ERC20 tokens CipherHawk - Support role may fail to rescue certain ERC20 tokens Nov 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin2