code-423n4 / 2022-12-tigris-findings


User assets in StableVaults may be drained #553

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L78-L83 https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L65-L72

Vulnerability details

Impact

All users may lose all their assets in StableVault

Proof of Concept

Owner can drain all the valuable assets in the StableVault easily and quickly like this:

  1. Create a mock ERC20 token
  2. Mint a lot of the mock token, e.g. 10^15 * 10^18
  3. Call StableVault.sol#listToken to list the mock token
  4. Deposit a lot of the mock token to the vault
  5. Call StableVault.sol#withdraw to drain all the valuable assets in the vault. Each asset needs to be called only once.

Tools Used

Manual

Recommended Mitigation Steps

All assets supported by the vault should be fixed at construction time and can not be modified. The owner will not be able to list any new token after the StableVault is deployed. If there is a real need, consider deploying a new StableVault contract.
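A sketch of the recommended mitigation, added here as an example; it is not the Tigris StableVault code and does not reproduce its accounting. The contract names (`FixedListVault`, `IMintBurn`), the simplified 1:1 stablecoin mint/burn, and the `transfer`/`transferFrom` return-value convention are all assumptions for illustration. The point it demonstrates is that the collateral allowlist is populated once in the constructor and no `listToken`-style function exists, so no privileged role can add an arbitrary token after deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not Tigris code): a vault whose accepted collateral set is fixed at construction.
// Assumed minimal interfaces; real tokens may not return bool from transfer/transferFrom.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function decimals() external view returns (uint8);
}

// Assumed interface for the vault's 18-decimal stablecoin.
interface IMintBurn {
    function mintFor(address to, uint256 amount) external;
    function burnFrom(address from, uint256 amount) external;
}

contract FixedListVault {
    IMintBurn public immutable stable;
    mapping(address => bool) public allowed;
    address[] public tokens;

    // The allowlist is written exactly once, here. There is deliberately no
    // listToken / delistToken, so the owner cannot introduce a worthless token later.
    constructor(address _stable, address[] memory _tokens) {
        require(_stable != address(0), "zero stable");
        stable = IMintBurn(_stable);
        for (uint256 i = 0; i < _tokens.length; i++) {
            address t = _tokens[i];
            require(t != address(0), "zero token");
            require(!allowed[t], "duplicate token");
            // Guard the decimal-scaling arithmetic below against >18-decimal tokens.
            require(IERC20(t).decimals() <= 18, "unsupported decimals");
            allowed[t] = true;
            tokens.push(t);
        }
    }

    // Scale a token amount to the stablecoin's 18 decimals.
    function toStable(address token, uint256 amount) internal view returns (uint256) {
        return amount * 10 ** (18 - IERC20(token).decimals());
    }

    function deposit(address token, uint256 amount) external {
        require(allowed[token], "token not listed");
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        stable.mintFor(msg.sender, toStable(token, amount));
    }

    function withdraw(address token, uint256 amount) external {
        require(allowed[token], "token not listed");
        stable.burnFrom(msg.sender, amount);
        uint256 out = amount / 10 ** (18 - IERC20(token).decimals());
        require(IERC20(token).transfer(msg.sender, out), "transfer failed");
    }

    function tokenCount() external view returns (uint256) {
        return tokens.length;
    }
}
```

Because `allowed` is only written in the constructor, a reviewer can verify the invariant "the collateral set never changes" by inspection rather than by reasoning about who holds the owner key. If the protocol genuinely needs a different collateral set later, the recommendation in the finding applies: deploy a new vault rather than reintroducing a mutable listing function.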

GalloDaSballo commented 1 year ago

Admin Privilege Drain Attack

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #383

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #377

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory