Closed code423n4 closed 2 years ago
The wrapper is designed so that it never holds any convex token that would be destined for wrapping when a transaction ends. The only tokens that can ever be present in the wrapper are non-distributed rewards.
If any convex is left in the wrapper without calling wrap, it will be harvested by bots, and we are fine with that as explained in the README.
As per the sponsor reply, the wrapper is a utility tool meant to be called atomically by other smart contracts. No funds are supposed to be stuck in this wrapper. For this reason, and because the warden failed to display a way for funds to be stuck, I believe the finding to be invalid.
Handle
0x1f8b
Vulnerability details
Impact
Owner can steal the funds.
Proof of Concept
The owner has the method shutdownAndRescue to retrieve all the convexToken tokens and shut down the service, but using recoverERC20 it is possible to drain these funds without shutting down the service; it should be checked that the token is not convexToken inside this method.
Affected method:
Tools Used
Manual review.
Recommended Mitigation Steps
Add a check inside recoverERC20 to check that the token is not convexToken.
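As an added illustration of the mitigation the warden proposes (this is example code written for this page, not the contract under review, whose source is not shown here), the following sketch puts an unrestricted owner sweep next to a version that refuses the protected token. The contract name, the owner handling, the `IERC20` interface, the custom errors and the exact signatures of `shutdownAndRescue` and `recoverERC20` are all assumptions; only the two method names and the `convexToken` variable come from the finding. Per the sponsor and judge replies above, this particular wrapper is not meant to hold `convexToken` between transactions, so for that project the check is defence in depth rather than a fix for a live loss path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed for the example (assumed, not the project's own interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical wrapper: only the owner-controlled rescue paths are shown.
contract WrapperRescueExample {
    address public immutable owner;
    IERC20 public immutable convexToken; // the token the wrapper exists to handle (name from the finding)
    bool public isShutdown;

    event Shutdown(address indexed to, uint256 amount);
    event Recovered(address indexed token, address indexed to, uint256 amount);

    error NotOwner();
    error ProtectedToken();

    constructor(IERC20 _convexToken) {
        owner = msg.sender;
        convexToken = _convexToken;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Explicit emergency exit (signature assumed). The shutdown flag and the
    // transfer of convexToken happen in the same call, so any removal of the
    // protected token is tied to a visible, irreversible shutdown.
    function shutdownAndRescue(address to) external onlyOwner {
        isShutdown = true;
        uint256 bal = convexToken.balanceOf(address(this));
        if (bal > 0) {
            require(convexToken.transfer(to, bal), "transfer failed");
        }
        emit Shutdown(to, bal);
    }

    // The pattern the finding describes: an unrestricted sweep lets the owner
    // move convexToken out without ever setting isShutdown, so monitoring that
    // watches for Shutdown events would not see it.
    function recoverERC20Unchecked(IERC20 token, address to, uint256 amount) external onlyOwner {
        require(token.transfer(to, amount), "transfer failed");
        emit Recovered(address(token), to, amount);
    }

    // Mitigated form: the protected token can only leave via shutdownAndRescue.
    // Any other ERC20 sent to the contract by mistake can still be returned.
    function recoverERC20(IERC20 token, address to, uint256 amount) external onlyOwner {
        if (address(token) == address(convexToken)) revert ProtectedToken();
        require(token.transfer(to, amount), "transfer failed");
        emit Recovered(address(token), to, amount);
    }
}
```

The comparison to `address(convexToken)` is the whole of the proposed check; it costs one storage read (or none, since the variable is immutable here) and leaves the normal rescue of unrelated tokens untouched. Emitting a `Recovered` event from the sweep path is a small addition that makes any owner withdrawal easy to alert on off-chain.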