Closed code423n4 closed 1 year ago
dmvt marked the issue as duplicate of #23
RedVeil marked the issue as sponsor confirmed
dmvt marked the issue as partial-50
dmvt marked the issue as full credit
Full credit restored taking into account the quality of #23
dmvt marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-01-popcorn/blob/36477d96788791ff07a1ba40d0c726fb39bf05ec/src/vault/adapter/yearn/YearnAdapter.sol#L171
Vulnerability details
Impact
Funds can remain locked in yearn without the possibility for users to withdraw or the protocol to pause.
Proof of Concept
Yearn vaults withdrawal can be with a loss.
This usually happens when the vault needs to fetch tokens from strategies. Yearn uses a default 0.01% max loss. If the loss exceeds 0.01%, user funds won't be withdrawable and will remain locked within yearn.
Note that the the pause function has more chances to revert than a single user since it will fetch the entire protocol assets from the vault, resulting in a non-functional pause function.
For reference: https://github.com/yearn/yearn-vaults/blob/master/contracts/Vault.vy#L1033
Tools Used
Manual review
Recommended Mitigation Steps
Add a maxLoss parameter to pause and new withdraw