johba/harb
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

fix: Stake.sol: exitPosition guard order (owner check before existence) (#307)

Browse source 
Check pos.creationTime == 0 before pos.owner != msg.sender so that
calling exitPosition on a non-existent position correctly reverts with
PositionNotFound instead of the misleading NoPermission(caller, 0x0).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
openhands 2026-02-27 06:33:32 +00:00
parent 9341673a1a
commit 24fdcd3dcd
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
onchain/src/Stake.sol
View file

@ -323,12 +323,12 @@ contract Stake {
/// @dev Pays the due taxes based on the TAX_FLOOR_DURATION and returns the remaining assets to the position owner.
function exitPosition(uint256 positionId) external {
StakingPosition storage pos = positions[positionId];
if (pos.owner != msg.sender) {
revert NoPermission(msg.sender, pos.owner);
}
if (pos.creationTime == 0) {
revert PositionNotFound(positionId, msg.sender);
}
if (pos.owner != msg.sender) {
revert NoPermission(msg.sender, pos.owner);
}
// to prevent snatch-and-exit grieving attack, pay TAX_FLOOR_DURATION
_payTax(positionId, pos, TAX_FLOOR_DURATION);
_exitPosition(positionId, pos);