search
Active Boosts

29019 - [SC - High] The ZeroLendToken contract in the Governance mo...

Submitted on Mar 4th 2024 at 20:56:25 UTC by @Trust for Boost | ZeroLendarrow-up-right

Report ID: #29019

Report type: Smart Contract

Report severity: High

Target: https://github.com/zerolend/governance

Impacts:

  • Temporary freezing of funds for at least 1 hour

hashtag
Description

hashtag
Brief/Intro

The ZeroLendToken contract in the Governance module mishandles the whitelist. It is treated as a blacklist.

hashtag
Vulnerability Details

The code below handles updating of the balance when a token is sent by from to to.

function _update(
    address from,
    address to,
    uint256 value
) internal virtual override {
    require(!blacklisted[from] && !blacklisted[to], "blacklisted");
    require(!paused && !whitelisted[from], "paused");
    super._update(from, to, value);
}

Note that if whitelisted is True, the token should allow the transfer. However the condition is flipped, so it will certainly abort the transfer.

hashtag
Impact Details

A whitelisted user will not be able to transfer their tokens, resulting in a temporary freezing of funds.

hashtag
Recommended remidiation

Consider refactoring the code as suggestedbelow: require(!paused || whitelisted[from])

hashtag
References

https://github.com/zerolend/governance/blob/a30d8bb825306dfae1ec5a5a47658df57fd1189b/contracts/ZeroLendToken.sol#L61

hashtag
Proof of Concept

  1. User A is inserted to the whitelist

  2. User A wishes to transfer their tokens to User B

  3. The transfer() reverts, resulting in lock of funds.

Previous29012 - [SC - High] Votes manipulation in PoolVoterNext29026 - [SC - High] Hackers can steal the unclaimed yield to get th...

Last updated

Was this helpful?