Open c4-bot-1 opened 10 months ago
0xSorryNotSorry marked the issue as sufficient quality report
0xSorryNotSorry marked the issue as primary issue
Very nice catch, thanks a lot for reporting :)
eswak (sponsor) confirmed
Trumpero marked the issue as satisfactory
Trumpero marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/rate-limits/RateLimitedMinter.sol#L52
Vulnerability details
med
Impact
From the contest documentation:
However, due to the
whenNotPaused
modifier in theRateLimitedMinter.mint()
function, users who haveCREDIT
tokens staked on a gauge with a pendingguildReward
will not be able to withdraw their funds. This is because theSurplusGuildMinter.unstake()
function attempts to mint rewards through theRateLimitedMinter
in thegetRewards()
function prior to unstaking. If the protocol is paused, this step will fail, causing the transaction to revert and preventing users from withdrawing their funds.Proof of Concept
Consider a scenario where Alice has
CREDIT
tokens staked on a gauge with a pendingguildReward
. Then, the protocol is paused and Alice attempts to unstake her tokens by calling theSurplusGuildMinter.unstake()
function, which in turn calls thegetRewards()
function. This function attempts to mint rewards through theRateLimitedMinter.mint()
function. However, because the protocol is paused, this function cannot be executed, causing the transaction to revert and preventing Alice from unstaking and withdrawing her funds.https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/rate-limits/RateLimitedMinter.sol#L52 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SurplusGuildMinter.sol#L158-L163 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SurplusGuildMinter.sol#L259
Tools Used
Manual review
Recommended Mitigation Steps
Provide an
emergencyWithdraw
method allowing users to withdraw their funds while foregoing rewards when the protocol is paused. This change should be carefully reviewed and tested to ensure it does not introduce other security risks.Assessed type
Other