code-423n4 / 2023-01-popcorn-findings


Funds might not be recoverable from vault blocking withdrawal and pause #24

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-popcorn/blob/36477d96788791ff07a1ba40d0c726fb39bf05ec/src/vault/adapter/yearn/YearnAdapter.sol#L171

Vulnerability details

Impact

Funds can remain locked in yearn without the possibility for users to withdraw or the protocol to pause.

Proof of Concept

Yearn vault withdrawals can be at a loss.

This usually happens when the vault needs to fetch tokens from strategies. Yearn uses a default 0.01% max loss. If the loss exceeds 0.01%, user funds won't be withdrawable and will remain locked within yearn.

Note that the pause function has more chances to revert than a single user since it will fetch the entire protocol assets from the vault, resulting in a non-functional pause function.

For reference: https://github.com/yearn/yearn-vaults/blob/master/contracts/Vault.vy#L1033

Tools Used

Manual review

Recommended Mitigation Steps

Add a maxLoss parameter to pause and new withdraw
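
Added example, not part of the original report and not Yearn's or Popcorn's code: a simplified Python model of the max-loss check described above, showing a small withdrawal succeeding while a whole-position withdrawal (as pause performs) reverts at the default 0.01% and goes through once the caller supplies a larger maxLoss. The single-strategy model, the form of the tolerance comparison and all balances are assumptions constructed for illustration.

```python
# Simplified model of the loss tolerance applied to a Yearn vault withdrawal.
# Assumptions: one strategy, constructed balances, comparison form is illustrative.
MAX_BPS = 10_000
DEFAULT_MAX_LOSS = 1  # 0.01% in basis points, the default cited in the report


class WithdrawReverted(Exception):
    """Stands in for the on-chain revert."""


def withdraw(value, idle, strategy_loss_bps, max_loss=DEFAULT_MAX_LOSS):
    """Return (assets_received, total_loss) or raise WithdrawReverted.

    value: assets requested
    idle: assets the vault can pay out without touching a strategy
    strategy_loss_bps: loss realised on whatever must be pulled from the strategy
    """
    total_loss = 0
    if value > idle:
        needed = value - idle
        total_loss = needed * strategy_loss_bps // MAX_BPS
        value -= total_loss
    # Revert when the realised loss exceeds max_loss bps of the requested amount.
    if total_loss > max_loss * (value + total_loss) // MAX_BPS:
        raise WithdrawReverted(f"loss {total_loss} exceeds {max_loss} bps")
    return value, total_loss


def try_withdraw(*args, **kwargs):
    """Return the withdraw result, or None if the call would revert."""
    try:
        return withdraw(*args, **kwargs)
    except WithdrawReverted:
        return None


IDLE = 50_000              # constructed: tokens idle in the vault
ADAPTER_TOTAL = 1_000_000  # constructed: the adapter's whole position
LOSS_BPS = 5               # constructed: strategy exits at a 0.05% loss

user_result = try_withdraw(10_000, IDLE, LOSS_BPS)          # paid from idle funds
pause_result = try_withdraw(ADAPTER_TOTAL, IDLE, LOSS_BPS)  # pulls 950_000 from strategy
pause_with_max_loss = try_withdraw(ADAPTER_TOTAL, IDLE, LOSS_BPS, max_loss=10)

if __name__ == "__main__":
    print("user withdraw:", user_result)
    print("pause, default maxLoss:", pause_result)
    print("pause, maxLoss=10 bps:", pause_with_max_loss)
```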

c4-judge commented 1 year ago

dmvt marked the issue as duplicate of #23

c4-sponsor commented 1 year ago

RedVeil marked the issue as sponsor confirmed

c4-judge commented 1 year ago

dmvt marked the issue as partial-50

c4-judge commented 1 year ago

dmvt marked the issue as full credit

dmvt commented 1 year ago

Full credit restored taking into account the quality of #23

c4-judge commented 1 year ago

dmvt marked the issue as satisfactory