For a vault to use a transformer, it must first be enabled on that transformer through the setVault function, which enables or disables it:
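    // Pre-fix version: the owner can pass _active = false and disable a vault that was enabled earlier.
    function setVault(address _vault, bool _active) public onlyOwner {
        emit VaultChanged(_vault, _active);
        vaults[_vault] = _active;
    }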
The AutoCompound transformer implements a function called withdrawLeftoverBalances that allows accounts to withdraw any leftover balances after their positions were processed. The problem was that if the vault was subsequently disabled, withdrawals would be blocked (a DoS) for users who transformed their positions through V3Vault.
Mitigation
PR-18 successfully mitigates the original issue by refactoring setVault so that it cannot disable vaults once they are enabled.
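The two behaviours side by side, as an added example that is neither the project's code nor the PR-18 diff. It is a simplified model: the way the withdrawal check depends on vaults is an assumption, as are the names TransformerModel, IOwnerOf, positions and leftover and the enable-only setVault(address) signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IOwnerOf { function ownerOf(uint256 tokenId) external view returns (address); }

// Simplified model (assumed for illustration, not the project's contract).
abstract contract TransformerModel {
    address public immutable owner;
    IOwnerOf public immutable positions;          // position NFT registry (assumed)
    mapping(address => bool) public vaults;
    mapping(uint256 => uint256) public leftover;  // bookkeeping only, no token transfer (assumed)

    event VaultChanged(address vault, bool active);
    error Unauthorized();

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    constructor(IOwnerOf _positions) {
        owner = msg.sender;
        positions = _positions;
    }

    // While a position sits in a vault, the NFT holder is the vault itself, so the
    // depositor is only recognised if that vault is still flagged in `vaults`.
    function withdrawLeftoverBalances(uint256 tokenId) external returns (uint256 amount) {
        address holder = positions.ownerOf(tokenId);
        if (vaults[holder]) holder = IOwnerOf(holder).ownerOf(tokenId);
        if (holder != msg.sender) revert Unauthorized(); // always hit once the vault is disabled
        amount = leftover[tokenId];
        leftover[tokenId] = 0;
    }
}

contract BeforeFix is TransformerModel {
    constructor(IOwnerOf p) TransformerModel(p) {}
    function setVault(address _vault, bool _active) public onlyOwner {
        emit VaultChanged(_vault, _active);
        vaults[_vault] = _active; // false here strands depositors' leftover balances
    }
}
contract AfterFix is TransformerModel {
    constructor(IOwnerOf p) TransformerModel(p) {}
    function setVault(address _vault) public onlyOwner { // enable-only: no path back to false
        emit VaultChanged(_vault, true);
        vaults[_vault] = true;
    }
}
```

A regression test for this class of bug deposits through the vault, attempts to disable it, and asserts that the depositor's withdrawLeftoverBalances call still succeeds.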
Vulnerability details
C4 Issue
M-10: Users's tokens stuck in AutoCompound after Vault is deactivated
Conclusion
Mitigation Confirmed