iamsahu
commented
2 years ago Duplicate of #4
Closed code423n4 closed 2 years ago
iamsahu
commented
2 years ago Duplicate of #4
GalloDaSballo
commented
2 years ago The finding is invalid as per the discussion on #4 Additionally the entire logic is basically a cache and doesn't seem to have much impact
Handle
0x1f8b
Vulnerability details
Impact
Anyone can create vaults and remove vaults from anyone.
Proof of Concept
The contract
ConvexYieldWrapperexpose two methods:addVaultshow in his commentAdds a vault to the user's vault listbut according to the code it not use the users vault, it use owner vault, sender was not checked (not very risky).removeVaultshow in his commentRemove a vault from the user's vault listbut it's possible for anyone to remove a vault from anyone, it doesn't care about if the vault is yours or not, you only need to specify the owner in the argumentaccount.Tools Used
Manual review.
Recommended Mitigation Steps
Add auth mechanism for add and remove methods.