Users can wrap their merchant moe lp tokens to the WLpMoeMasterChef contract to use it as collateral in init protocol.
Merchant moe MasterChef contract has emergencyWithdraw function(i don't know how to copy the line from explorer.mantle.xyz) that allows to withdraw lp tokens from contract in case of emergency in some rewarder contract or other cases. In this case there will be no claiming of rewards, just transferring of lp tokens.
But WLpMoeMasterChef doesn't have integration with that function which takes user's lp token under a risk.
Impact
In case of emergency users will not be able to unwrap.
Lines of code
https://github.com/code-423n4/2024-01-init-capital-invitational/blob/main/contracts/wrapper/WLpMoeMasterChef.sol#L21
Vulnerability details
Proof of Concept
Users can wrap their merchant moe lp tokens to the WLpMoeMasterChef contract to use it as collateral in init protocol.
Merchant moe
MasterChef
contract hasemergencyWithdraw
function(i don't know how to copy the line from explorer.mantle.xyz) that allows to withdraw lp tokens from contract in case of emergency in some rewarder contract or other cases. In this case there will be no claiming of rewards, just transferring of lp tokens.But
WLpMoeMasterChef
doesn't have integration with that function which takes user's lp token under a risk.Impact
In case of emergency users will not be able to unwrap.
Tools Used
VsCode
Recommended Mitigation Steps
Add integration with function.
Assessed type
Error