Missing External Transfer Function In Vault

[code423n4]

Lines of code

https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1154

Vulnerability details

Impact

Balances of TwabController for a vault can not be transferred.

Proof of Concept

The Vault implements an internal _transfer function meant to be used to transfer balances within the TwabController:

  function _transfer(address _from, address _to, uint256 _shares) internal virtual override {
    _twabController.transfer(_from, _to, uint96(_shares));

    emit Transfer(_from, _to, _shares);
  }

However, there is no externally callable function implemented that makes use of this function.

Tools Used

Manual Review

Recommended Mitigation Steps

Add an external function that makes use of transfer, while also performing necessary input validation if necessary

Assessed type

Other

[c4-judge]

Picodes marked the issue as unsatisfactory: Invalid