Private vault ownership nft can be subject for honeypot attack
Summary
Private vault ownership nft can be subject for honeypot attack
Vulnerability Detail
Ownership of private vault is tokenized to nft to render them as transferable to other users. Transferable can mean sale of nft to marketplace or simply an exchange between two different users. A malicious seller of this nft ownership can take advantage of the situation by frontrunning the sale or transfer transaction by executing the withdraw function and drain the funds inside the vault. The buyer will end up receiving worthless nft.
Here is the withdraw function that can be executed without restriction in regards of transferring the vault nft ownership to other user.
Ocean_Sky
medium
Private vault ownership nft can be subject for honeypot attack
Summary
Private vault ownership nft can be subject for honeypot attack
Vulnerability Detail
Ownership of private vault is tokenized to nft to render them as transferable to other users. Transferable can mean sale of nft to marketplace or simply an exchange between two different users. A malicious seller of this nft ownership can take advantage of the situation by frontrunning the sale or transfer transaction by executing the withdraw function and drain the funds inside the vault. The buyer will end up receiving worthless nft.
Here is the withdraw function that can be executed without restriction in regards of transferring the vault nft ownership to other user.
Proof of Concept
Consider this scenario
Impact
Lost of funds of the private vault right after the transfer.
Code Snippet
https://github.com/ArrakisFinance/arrakis-modular/blob/main/src/ArrakisMetaVaultPrivate.sol#L69-L79 https://github.com/ArrakisFinance/arrakis-modular/blob/main/src/abstracts/ArrakisMetaVault.sol#L230-L234 https://github.com/ArrakisFinance/arrakis-modular/blob/main/src/PALMVaultNFT.sol
Tool used
Manual Review
Recommendation
Implement a locking mechanism that prevents withdrawal of funds during the transfer.