The Vesting.withdrawVested function allows withdrawing the vested tokens of other users.
While the tokens are still sent to the correct address, this can break smart contracts that rely on performing the withdrawal call themselves (for example, to act on the received tokens in the same transaction). As one example, suppose the _to address corresponds to a smart contract that has a function of the following form:
```solidity
// Beneficiary contract that expects to trigger its own vested withdrawal
// and forward the tokens in the same call; `vesting`, `token` and
// `externalWallet` are state variables of this contract.
function withdrawAndDoSomething(uint256 amount) external {
    vesting.withdrawVested(address(this), amount);
    token.transfer(externalWallet, amount);
}
```
Impact
If the contract has no other functions to transfer out funds, they may be locked forever in this contract.
Recommended Mitigation Steps
Do not allow users to withdraw on behalf of other users.
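The following is an added illustration and not the audited project's code: it places a minimal open `withdrawVested(address _to, uint256 amount)` beside a hardened variant that only ever pays out to `msg.sender`, together with a beneficiary contract of the kind described above. The `vested` mapping, the constructors and the `IERC20` interface are assumptions made to keep the example self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal token interface (example code, not the project's own).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Vulnerable shape: anyone may trigger a withdrawal for any beneficiary.
// The tokens still reach `_to`, but `_to` no longer controls *when* its
// claim happens; a contract that expects to call withdrawVested itself
// and then forward the tokens finds its claim already consumed.
contract VestingOpen {
    IERC20 public immutable token;
    mapping(address => uint256) public vested; // claimable, not yet claimed

    constructor(IERC20 _token) { token = _token; }

    function withdrawVested(address _to, uint256 amount) external {
        require(vested[_to] >= amount, "insufficient vested");
        vested[_to] -= amount;
        require(token.transfer(_to, amount), "transfer failed");
    }
}

// Hardened shape: the beneficiary is always msg.sender. With the `_to`
// parameter removed there is no way to claim on someone else's behalf.
contract VestingSelfOnly {
    IERC20 public immutable token;
    mapping(address => uint256) public vested;

    constructor(IERC20 _token) { token = _token; }

    function withdrawVested(uint256 amount) external {
        require(vested[msg.sender] >= amount, "insufficient vested");
        vested[msg.sender] -= amount;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}

// Beneficiary contract of the kind the finding describes. Wired to
// VestingOpen, a third party could call withdrawVested(address(this), x)
// first; this contract's own call would then revert on "insufficient
// vested", and the tokens it already holds would sit here with no function
// able to move them. Wired to VestingSelfOnly, only this contract can
// consume its own claim, so the two-step flow cannot be interrupted.
contract Beneficiary {
    VestingSelfOnly public immutable vesting;
    IERC20 public immutable token;
    address public immutable externalWallet;

    constructor(VestingSelfOnly _vesting, IERC20 _token, address _wallet) {
        vesting = _vesting;
        token = _token;
        externalWallet = _wallet;
    }

    function withdrawAndDoSomething(uint256 amount) external {
        vesting.withdrawVested(amount);
        require(token.transfer(externalWallet, amount), "forward failed");
    }
}
```

If a product genuinely needs delegated claiming (for example a keeper that pays gas on behalf of users), the safer pattern is an explicit opt-in recorded by the beneficiary, such as a per-address approval that the delegate must hold, rather than an unrestricted `_to` parameter; the beneficiary then decides who may consume its claim and can revoke that decision.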
Handle
cmichel