Handle
TomFrench

Vulnerability details

Impact
Any unaccounted-for tokens on VaderPoolV2 can be siphoned off by anyone.

Proof of Concept
VaderPoolV2 has a rescue function which allows any unaccounted-for tokens to be recovered: https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex-v2/pool/BasePoolV2.sol#L505-L517

However, there is no access control on this function, which means that should any tokens be sent to VaderPoolV2 by accident, they will simply be scooped up by flashbots rather than being recoverable by the original owner or Vader governance. This also means that any rebasing tokens deposited into VaderPoolV2 will have their rebases lost rather than being recoverable by Vader governance.

Recommended Mitigation Steps
Permission this function to only allow Vader governance to claim tokens.
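The shape of the problem and of the recommended fix, as an added illustration that is not the Vader code base: a minimal pool-style contract with an unguarded surplus-recovery function beside a governance-gated one. The contract name, the reserves mapping and the governance address are hypothetical stand-ins for the pool's own bookkeeping.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical contract for illustration only; not the project's BasePoolV2.
contract RescueExample {
    using SafeERC20 for IERC20;

    // Address allowed to recover surplus tokens (constructed; stands in for Vader governance).
    address public immutable governance;

    // Tokens the pool accounts for (constructed; stands in for the pool's reserve accounting).
    // Anything held above this value is "unaccounted for": accidental transfers, rebase gains, etc.
    mapping(address => uint256) public reserves;

    constructor(address _governance) {
        require(_governance != address(0), "governance is zero address");
        governance = _governance;
    }

    modifier onlyGovernance() {
        require(msg.sender == governance, "caller is not governance");
        _;
    }

    // Before: no access control. The first caller, typically a searcher watching the
    // mempool, receives every surplus token the moment it appears.
    function rescueUnguarded(IERC20 token) external {
        uint256 surplus = token.balanceOf(address(this)) - reserves[address(token)];
        token.safeTransfer(msg.sender, surplus);
    }

    // After: only governance may recover surplus, and it chooses the recipient, so accidental
    // deposits can be returned and rebase gains stay under governance control.
    function rescue(IERC20 token, address to) external onlyGovernance {
        uint256 surplus = token.balanceOf(address(this)) - reserves[address(token)];
        require(surplus > 0, "nothing to rescue");
        token.safeTransfer(to, surplus);
    }
}
```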