c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #723
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #723
c4-judge
commented
1 year ago GalloDaSballo marked the issue as partial-50
GalloDaSballo
commented
1 year ago Ultimately get's the issue right, but missing a little bit of context and info vs the main
Judge has assessed an item in Issue #653 as 2 risk. The relevant finding follows:
Detail Function finishFailedMinipoolByMultisig() did not transfer any funds or doing any data change, only updating state of minipool to Finished. In the comment, it said that it used to finish error pool. However, if minipool is at state Error, it still has AVAX stored in Vault. If it just update state to Finished, this amount of AVAX is locked and cannot return to owner.
Even though this issue is loss of funds but since it can only happen by Rialto calling so I put it in Low.
Recommendation Allowing Rialto to withdraw funds and maybe return to owner later.