Skip to content

Latest commit

 

History

History
68 lines (45 loc) · 2.37 KB

069.md

File metadata and controls

68 lines (45 loc) · 2.37 KB

Wonderful Pebble Sawfish

Medium

Incompatibility of contracts with Ethereum ARB token.

Summary

In the README mention that the contracts are deployed in the below chains

Ethereum, Arbitrum, Rari Chain, zkSync Mainnet, Base, Polygon, OP Mainnet

Additionally, ARB is used as both a staked and reward token; however, the issue here is that ARB tokens exist on the Ethereum blockchain and some others, according to the documentation.

Vulnerability Detail

So when we check the ARB token contract implementation in the Ethereum, it becomes evident that it is no compatibile with IERC20Delegates. Therefore, these contracts are not deployed on the Ethereum blockchain with the ARB Governance token.

contract L1ArbitrumToken is
    INovaArbOneReverseToken,
    Initializable,
    ERC20Upgradeable,
    ERC20PermitUpgradeable,
    TransferAndCallToken
{

In the GovernanceStakerDelegateSurrogateVotes contract, the constructor includes the following check:

  constructor(IERC20Delegates _votingToken) {
    if (address(STAKE_TOKEN) != address(_votingToken)) {
      revert GovernanceStakerDelegateSurrogateVotes__UnauthorizedToken();
    }
  }

In the Ethereum chain, the ARB token contract implementation does not have a delegate function, so this will revert.

contract DelegationSurrogateVotes is DelegationSurrogate {
  /// @param _token The governance token that will be held by this surrogate
  /// @param _delegatee The address of the would-be voter to which this surrogate will delegate its
  /// voting weight. 100% of all voting tokens held by this surrogate will be delegated to this
  /// address.
  constructor(IERC20Delegates _token, address _delegatee) DelegationSurrogate(_token) {
@>>    _token.delegate(_delegatee);
  }

Impact

The ARB token exists on Ethereum, but the contracts are incompatible with the implementation and won't be deployed. As a result, this breaks the invariants stated in the README.

Code Snippet

https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/DelegationSurrogateVotes.sol#L26-L28

https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/extensions/GovernanceStakerDelegateSurrogateVotes.sol#L24-L28

Tool used

Manual Review

Recommendation