Unsafe transfer #285
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate: This issue or pull request already exists
invalid: This doesn't seem right
old-submission-method
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L167
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L228
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L231
Vulnerability details
Impact
Unsafe transfer
Proof of Concept
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L167
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L228
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L231
Some tokens do not revert on transfer failure; they return a boolean value instead.
Vault.sol never checks this return value. An attacker can therefore make the protocol believe a transfer succeeded when no tokens actually moved, get shares credited for a deposit that never happened, and then withdraw those shares to steal tokens.
Tools Used
Manual review
Recommended Mitigation Steps
Use a safeTransfer library or manually check the return value of every transfer and transferFrom call.
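The following is an added illustration, not code from Vault.sol: a minimal hypothetical vault that drops the boolean returned by the token beside a version that checks it. The contract names, the share accounting and the use of Solidity 0.8 are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed below (constructed for this example).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Vulnerable pattern: the boolean from transfer()/transferFrom() is ignored.
// With a token that returns false instead of reverting, deposit() credits
// shares even though no tokens arrived, and withdraw() then pays them out.
contract UncheckedVault {
    IERC20 public immutable asset;
    mapping(address => uint256) public shares;

    constructor(IERC20 _asset) { asset = _asset; }

    function deposit(uint256 amount) external {
        asset.transferFrom(msg.sender, address(this), amount); // return value dropped
        shares[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external {
        shares[msg.sender] -= amount;
        asset.transfer(msg.sender, amount); // return value dropped
    }
}

// Hardened pattern: a false return is treated as failure and reverts the
// whole call, so no shares are credited for a transfer that did not happen.
// Caveat: tokens that return no data at all will revert on ABI decoding here;
// a library such as OpenZeppelin's SafeERC20 accepts both behaviours.
contract CheckedVault {
    IERC20 public immutable asset;
    mapping(address => uint256) public shares;

    constructor(IERC20 _asset) { asset = _asset; }

    function deposit(uint256 amount) external {
        require(asset.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        shares[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external {
        shares[msg.sender] -= amount;
        require(asset.transfer(msg.sender, amount), "transfer failed");
    }
}
```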