The only action required from the Puffer protocol is to allow everyone to call these functions, as there is currently a restricted modifier that functions similarly to the whenNotPaused modifier from Pausable.sol.
Essentially, the Puffer protocol will allow withdrawals soon by changing access to the functions
* @dev Restricted in this context is like `whenNotPaused` modifier from Pausable.sol
Impact
The Napier protocol stated that Puffer doesn't have a withdrawal function yet, which is why they didn't implement withdrawal functions. However, this is not true.
merlin
medium
PufETHAdapter has not implemented withdrawal functions
Summary
There are many NatSpec comments stating that
Puffer does not have a withdrawal function yet
. However, this is not true.Vulnerability Detail
In the older version of
PufferVault.sol
, the withdraw and redeem functions were indeed not implemented:However, in the new version,
PufferVaultV2.sol
, these functions are now present.The only action required from the Puffer protocol is to allow everyone to call these functions, as there is currently a
restricted
modifier that functions similarly to thewhenNotPaused
modifier fromPausable.sol
. Essentially, the Puffer protocol will allow withdrawals soon by changing access to the functionsImpact
The Napier protocol stated that Puffer doesn't have a withdrawal function yet, which is why they didn't implement withdrawal functions. However, this is not true.
Code Snippet
src/adapters/puffer/PufETHAdapter.sol#L89-L102
Tool used
Manual Review
Recommendation
The PufferVaultV2.sol address hasn't changed, only the implementation has. Consider implementing withdrawal functions.