Closed sherlock-admin closed 1 year ago
ChainId can be switched off by sendFeedbackToVault; incorrect because "vaults[_vaultNumber].chainIdOff[_chainId]" is set by "settleCurrentAllocation" which is internal. The function 'sendFeedbackToVaultreads out the variable
vaults[_vaultNumber].chainIdOff[_chainId]and calls
settleCurrentAllocation` crosschain.
imare
medium
Deposits and withdrawal can be blocked by anyone
Summary
Vaults have a modifier
onlyWhenVaultIsOn
that checks if a vault is enabled. In the case a vault is disabled then withdrawal and deposits for such vault are denied/reverted.XChainController#sendFeedbackToVault
its a method that can be called by anyone and can disable a targeted vault.Vulnerability Detail
By calling this method:
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/XChainController.sol#L247-L255
we can make the modifier
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L75-L79
revert on deposits/withdrawals.
Impact
Anyone can block withdrawal/deposits from a vault
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/XChainController.sol#L247-L255
Tool used
Manual Review
Recommendation
Have an access guard on
XChainController#sendFeedbackToVault
for example likeonlyGuardian
.