StakedCitadelVester contract doesn't support the IVesting interface, so the withdrawal of Citadel from the StakedCitadel contract will be impossible because the IVesting(vesting).setupVesting(msg.sender, _amount, block.timestamp); call will revert (because the function doesn't exist).
Tools Used
Remix & VS Code
Recommended Mitigation Steps
Change the vest function of the StakedCitadelVester contract to match the IVesting interface
jack-the-pug
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/StakedCitadelVester.sol#L132-L136 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/StakedCitadel.sol#L830 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/interfaces/citadel/IVesting.sol#L5-L9
Vulnerability details
Impact
StakedCitadelVestercontract doesn't support theIVestinginterface, so the withdrawal of Citadel from theStakedCitadelcontract will be impossible because theIVesting(vesting).setupVesting(msg.sender, _amount, block.timestamp);call will revert (because the function doesn't exist).Tools Used
Remix & VS Code
Recommended Mitigation Steps
Change the
vestfunction of theStakedCitadelVestercontract to match theIVestinginterface