code-423n4 / 2024-01-salty-findings

Unauthorized Liquidity Withdrawal from Unwhitelisted Pools #750

Closed c4-bot-6 closed 9 months ago

c4-bot-6 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/staking/Liquidity.sol#L121-L140

Vulnerability details

Impact

One potential impact of this vulnerability is that unauthorized liquidity withdrawals from unwhitelisted pools could lead to financial losses or manipulation of the system. Malicious actors might exploit this weakness to withdraw funds from pools that should not be accessible, jeopardizing the overall integrity of the DeFi ecosystem.

Proof of Concept

The vulnerability is primarily observed in the _withdrawLiquidityAndClaim function, which handles the withdrawal of liquidity and the claiming of rewards. This function assumes that the user has a sufficient liquidity share for the specified pool (poolID). However, it does not explicitly check whether the underlying pool is whitelisted or unwhitelisted.

function _withdrawLiquidityAndClaim(
    IERC20 tokenA,
    IERC20 tokenB,
    uint256 liquidityToWithdraw,
    uint256 minReclaimedA,
    uint256 minReclaimedB
) internal returns (uint256 reclaimedA, uint256 reclaimedB)

The absence of a whitelisting check in this function raises concerns as it may allow users to withdraw liquidity from pools that are not authorized. This lack of validation could compromise the security of the DeFi system.

Tools Used

Manual

Recommended Mitigation Steps

Implement a whitelisting check within the _withdrawLiquidityAndClaim function or create a modifier, such as onlyWhitelistedPool, to ensure that the withdrawal operation is only allowed for pools that are explicitly whitelisted.

Assessed type

Context

c4-judge commented 9 months ago

Picodes marked the issue as unsatisfactory: Invalid