code-423n4 / 2021-12-yetifinance-findings


Unsafe transfer of ERC20 gains in StabilityPool #213

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

kenzo

Vulnerability details

Some ERC20 tokens only return false and do not revert on a failed transfer or transferFrom. Yeti mostly handles this, but not in all places.

Impact

Lost yield for user.

Proof of Concept

Upon deposit or withdrawal to StabilityPool, Yeti will send the depositor his gains using _sendGainsToDepositor. This function does not check that the ERC20 transfer has not failed (unlike other places, which do check). (Code ref)

            } else {
                // return value of transfer() is ignored: a token that returns false
                // instead of reverting leaves this branch looking successful
                IERC20(assets[i]).transfer(_to, amounts[i]);
            }

Recommended Mitigation Steps

Check that the return value of transfer is empty or true.
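The unchecked call beside one way of applying the mitigation above, as an added illustration that is not the warden's code nor Yeti's; the contract, function and error names are assumed. The hardened version makes the low-level call itself so that both tokens that return nothing and tokens that return a bool are handled, which is the "empty or true" check the recommendation describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract illustrating the finding; not part of Yeti Finance.
contract GainsSender {
    error TransferFailed(address token, address to, uint256 amount);

    // Pattern from the finding: the bool returned by transfer() is dropped.
    // A token that signals failure by returning false (instead of reverting)
    // leaves the depositor without their gains while this call "succeeds".
    function sendUnchecked(address token, address to, uint256 amount) internal {
        IERC20(token).transfer(to, amount);
    }

    // Mitigated pattern: accept an empty return (non-standard tokens that
    // return nothing) or a decoded `true`; anything else reverts.
    function sendChecked(address token, address to, uint256 amount) internal {
        // A call to an address without code would "succeed" with empty
        // returndata, so rule that out before treating empty as success.
        if (token.code.length == 0) revert TransferFailed(token, to, amount);

        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        bool returnedTrue = data.length == 0 || abi.decode(data, (bool));
        if (!ok || !returnedTrue) revert TransferFailed(token, to, amount);
    }
}

// Constructed mock of a token that returns false on failure and never
// reverts; sendUnchecked() silently loses the gains, sendChecked() reverts.
contract FalseReturningToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false;
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```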

kingyetifinance commented 2 years ago

Duplicate #1

kingyetifinance commented 2 years ago

Fixed

alcueca commented 2 years ago

Duplicate of #94

alcueca commented 2 years ago

Duplicate of issue by the same warden