search

code-423n4 / 2023-07-pooltogether-findings

12 stars 7 forks source link

Anybody can mint shares using mintYieldFee without ever depositing #160

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L394

Vulnerability details

Impact

In Vault.sol, there is a function mintYieldFee() that allows to mint yield fee to the yield recipient. However, there are no any checks on whether the user has ever deposited liquidity. This allows anybody to just get shares without providing any economic incentives

Proof of Concept

https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L394-402

Tools Used

Manual review

Recommended Mitigation Steps

Add check to see whether the user possesses specific criteria to mint himself yield fee

Assessed type

Access Control

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #396

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid