Closed code423n4 closed 1 year ago
Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L394
Vulnerability details
Impact
Anyone can come and claim the yield fee for themselves.
Proof of Concept
In testLiquidateAndMintFees in Liquidate.t.sol, just change this line:
vault.setYieldFeeRecipient(bob);
to a random address:
vault.setYieldFeeRecipient(address(0xc0ffee));
and keep that line:
vault.mintYieldFee(_yieldFeeShares, bob);
Running
forge test --match-test testLiquidateAndMintFees
returns no errors. Fee shares are minted to bob even though he is not the fee recipient.
Tools Used
foundry
Recommended Mitigation Steps
Send fees to the right recipient
Assessed type
Access Control
Picodes marked the issue as duplicate of #396
Picodes changed the severity to 3 (High Risk)
Picodes marked the issue as satisfactory
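The access-control gap reported above and one way to close it, as an added example: this is a constructed minimal model, not the PoolTogether Vault source and not code from the issue. The contract name FeeVaultModel, the accrueFee helper, the mintYieldFeeUnchecked name and the custom errors are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed minimal model for illustration; not the project's Vault.sol.
contract FeeVaultModel {
    address public owner;
    address public yieldFeeRecipient;
    uint256 public yieldFeeTotalSupply; // fee shares accrued but not yet minted
    mapping(address => uint256) public balanceOf;

    error NotOwner();
    error NotYieldFeeRecipient(address caller);
    error SharesExceedAccruedFee(uint256 shares, uint256 available);

    constructor(address recipient_) {
        owner = msg.sender;
        yieldFeeRecipient = recipient_;
    }

    function setYieldFeeRecipient(address recipient_) external {
        if (msg.sender != owner) revert NotOwner();
        yieldFeeRecipient = recipient_;
    }

    // Hypothetical stand-in for fee accrual during liquidation.
    function accrueFee(uint256 shares) external {
        if (msg.sender != owner) revert NotOwner();
        yieldFeeTotalSupply += shares;
    }

    // Pattern described in the issue: the caller supplies the recipient and
    // nothing compares it (or msg.sender) with yieldFeeRecipient.
    function mintYieldFeeUnchecked(uint256 shares, address recipient) external {
        if (shares > yieldFeeTotalSupply) revert SharesExceedAccruedFee(shares, yieldFeeTotalSupply);
        yieldFeeTotalSupply -= shares;
        balanceOf[recipient] += shares;
    }

    // Hardened form: no recipient parameter, so shares can only go to the
    // configured recipient. The caller check is an extra restriction chosen
    // for this example.
    function mintYieldFee(uint256 shares) external {
        if (msg.sender != yieldFeeRecipient) revert NotYieldFeeRecipient(msg.sender);
        if (shares > yieldFeeTotalSupply) revert SharesExceedAccruedFee(shares, yieldFeeTotalSupply);
        yieldFeeTotalSupply -= shares;
        balanceOf[yieldFeeRecipient] += shares;
    }
}
```

A regression test for the hardened form would set the recipient to one address, call mintYieldFee from another, and expect the NotYieldFeeRecipient revert, which is the assertion the modified testLiquidateAndMintFees run was missing.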