Closed code423n4 closed 2 years ago
robee
Anyone can withdraw users shares. Although we think that they are sent to the right address, it is still 1) not the desired behavior 2) can be dangerous if the receiver is a smart contract 3) the receiver may not know someone withdraw him
Sherlock.yieldStrategyWithdraw AaveV2Strategy.withdraw SherlockProtocolManager.withdrawActiveBalance Sherlock.yieldStrategyWithdrawAll AaveV2Strategy.withdrawAll
Handle
robee
Vulnerability details
Anyone can withdraw users shares. Although we think that they are sent to the right address, it is still 1) not the desired behavior 2) can be dangerous if the receiver is a smart contract 3) the receiver may not know someone withdraw him