search

sherlock-audit / 2024-05-sophon-judging

1 stars 1 forks source link

0xShoonya - Booster Proceeds Draining Using `withdrawProceeds()` Function in case of Private Key Hacks #199

Closed sherlock-admin3 closed 1 month ago

sherlock-admin3 commented 1 month ago

0xShoonya

medium

Booster Proceeds Draining Using withdrawProceeds() Function in case of Private Key Hacks

Summary

The withdrawProceeds function in SophonFarming.sol allows the contract owner to withdraw all booster proceeds from a specified pool without any checks or restrictions.

Vulnerability Detail

The withdrawProceeds function in the SophonFarming.sol allows the owner to withdraw all booster proceeds from a specified pool.

Without any checks or restrictions, a malicious owner could exploit this function to drain all booster proceeds from all pools.

    function withdrawProceeds(uint256 _pid) external onlyOwner {
        PoolInfo storage pool = poolInfo[_pid];
        uint256 _proceeds = heldProceeds[_pid];
        heldProceeds[_pid] = 0;
        pool.lpToken.safeTransfer(msg.sender, _proceeds);
        emit WithdrawProceeds(_pid, _proceeds);
    }

There is no timelock structure in the process of using this owner privilege.

In parallel with the private key thefts of the project owners, which have increased recently, this vulnerability has been stated as medium.

Impact

if the owner's private key is compromised, an attacker could exploit this function to steal all the funds from the pools.

Code Snippet

https://github.com/sherlock-audit/2024-05-sophon/blob/05059e53755f24ae9e3a3bb2996de15df0289a6c/farming-contracts/contracts/farm/SophonFarming.sol#L863C3-L869C6

Tool used

Manual Review

Recommendation

To address this vulnerability, it is recommended to implement a timelock mechanism to use onlyOwner privileges.

sherlock-admin3 commented 1 month ago

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

invalid because owner is multisig