iamsahu
commented
2 years ago Refer to #4 which prevents the mentioned from happening
Closed code423n4 closed 2 years ago
iamsahu
commented
2 years ago Refer to #4 which prevents the mentioned from happening
GalloDaSballo
commented
2 years ago Invalid per discussion on #4
Handle
Tomio
Vulnerability details
Impact
In the
https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexModule.sol#L15the addVault() take 2 parameters as input, convexStakingWrapper, and vaultId, however the convexStakingWrapper is user controllable therefore the user could make an external call user controllable contractProof of Concept
https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexModule.sol#L15 https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexModule.sol#L27
Tools Used
Recommended Mitigation Steps