Call StableVault.sol#withdraw to drain all the valuable assets in the vault. It needs to be called only once per asset.
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L78-L83
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L65-L72
Vulnerability details
Impact
All users may lose all their assets in StableVault.
Proof of Concept
The owner can drain all the valuable assets in the StableVault easily and quickly like this:
10^15 * 10^18
Tools Used
Manual
Recommended Mitigation Steps
All assets supported by the vault should be fixed at construction time and cannot be modified afterwards. The owner will not be able to list any new token after the StableVault is deployed. If there is a real need, consider deploying a new StableVault contract.
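A sketch of the recommended design, added here as an illustration and not taken from the Tigris code base: the asset set is written once in the constructor and no function can change it later. The contract name, the `credit` ledger (a stand-in for the vault's stable token) and the assumption that every listed asset is a standard 18-decimal ERC-20 that returns `bool` are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal ERC-20 surface used by the sketch.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault: there is deliberately no owner role and no function
// that lists or delists a token, so the asset set cannot change after deployment.
contract FixedAssetVault {
    mapping(address => bool) public allowed;   // written only in the constructor
    mapping(address => uint256) public credit; // stand-in for the vault's stable token
    address[] public assets;

    constructor(address[] memory _assets) {
        require(_assets.length > 0, "no assets");
        for (uint256 i = 0; i < _assets.length; i++) {
            address a = _assets[i];
            require(a.code.length > 0, "not a contract");
            require(!allowed[a], "duplicate asset");
            allowed[a] = true;
            assets.push(a);
        }
    }

    // Assumes 18-decimal assets with no transfer fee, so 1 token unit = 1 credit unit.
    function deposit(address token, uint256 amount) external {
        require(allowed[token], "token not listed");
        credit[msg.sender] += amount;
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function withdraw(address token, uint256 amount) external {
        require(allowed[token], "token not listed");
        credit[msg.sender] -= amount; // checked arithmetic reverts on underflow
        require(IERC20(token).transfer(msg.sender, amount), "transfer failed");
    }

    function assetCount() external view returns (uint256) {
        return assets.length;
    }
}
```

Supporting an additional asset then means deploying a new vault, which users can inspect before moving funds into it.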