maxklenk
commented
2 years ago The contract does not hold any user funds. The withdraw function is only added to withdraw funds to the users that accidentally ended up in the contract.
Closed code423n4 closed 2 years ago
maxklenk
commented
2 years ago The contract does not hold any user funds. The withdraw function is only added to withdraw funds to the users that accidentally ended up in the contract.
gzeoneth
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-03-Li.finance/blob/main/src/Facets/WithdrawFacet.sol#L20
Vulnerability details
admin can steal all user funds