Unchecked Transfer #499

Closed
code423n4 opened this issue Sep 19, 2022 · 3 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) invalid This doesn't seem right withdrawn by warden Special case: warden has withdrawn this submission and it can be ignored

Comments

@code423n4
Contributor

Lines of code

https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol?plain=1#L167

Vulnerability details

High Severity - Unchecked Transfer


Line 167 of Vault.sol has an unchecked Transfer.

Reference and recommendation from slither.

Tools Used: Slither


@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Sep 19, 2022
code423n4 added a commit that referenced this issue Sep 19, 2022
@MiguelBits MiguelBits added sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") and removed sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") labels Sep 20, 2022
@3xHarry
Collaborator

3xHarry commented Sep 21, 2022

Disagree with severity, as WETH has a require condition that reverts if there are not enough funds or allowance; we left out the check on purpose, as the protocol only uses WETH as the underlying asset.

@3xHarry 3xHarry added the disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) label Sep 21, 2022
@liveactionllama liveactionllama added the withdrawn by warden Special case: warden has withdrawn this submission and it can be ignored label Oct 11, 2022
@liveactionllama
Contributor

The warden submitted a C4 help request asking that this submission be withdrawn.

@HickupHH3 HickupHH3 added the invalid This doesn't seem right label Oct 18, 2022
@HickupHH3
Collaborator

HickupHH3 commented Oct 18, 2022

Marking this issue as invalid (not unsatisfactory because that comes with penalties) because of withdrawn status.
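
An added example, not code from the Y2K repository or from any commenter in this thread: the sponsor's argument covers a token that reverts on failure, and this example shows the other case that Slither's unchecked-transfer finding is about, a token that returns `false` instead of reverting. `FalseReturningToken` and `ExampleVault` are hypothetical contracts constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; none of these contracts come from the audited code base.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token that signals failure by returning false instead of reverting.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(uint256 amount) external { balanceOf[msg.sender] += amount; }
    function approve(address spender, uint256 amount) external returns (bool) { allowance[msg.sender][spender] = amount; return true; }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) {
            return false; // no revert: the caller must inspect the result
        }
        balanceOf[from] -= amount;
        allowance[from][msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical vault showing the unchecked pattern next to a checked one.
contract ExampleVault {
    IERC20 public immutable asset;
    mapping(address => uint256) public shares;

    constructor(IERC20 asset_) { asset = asset_; }

    // Unchecked: with FalseReturningToken, shares are credited even when no tokens moved.
    function depositUnchecked(uint256 amount) external {
        asset.transferFrom(msg.sender, address(this), amount);
        shares[msg.sender] += amount;
    }

    // Checked: reverts on a false return, and tolerates tokens that return no data.
    function depositChecked(uint256 amount) external {
        (bool ok, bytes memory data) = address(asset).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, msg.sender, address(this), amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transferFrom failed");
        shares[msg.sender] += amount;
    }
}
```

The low-level call in `depositChecked` does not confirm that `asset` has code; OpenZeppelin's SafeERC20 performs that check as well.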
