Closed sherlock-admin4 closed 1 month ago
zraxx
High
A malicious urn owner can steal all funds by calling function free.
free
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/lockstake/src/LockstakeEngine.sol#L238-L246 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/lockstake/src/LockstakeEngine.sol#L340-L344 In LockstakeEngine.sol, anyone can open a urn contract. Users may stake into this contract due to a seemingly profit. However, a malicious urn owner may steal all users' funds at any time through the function free.
LockstakeEngine.sol
No response
lock
Users' funds will be stolen.
Need to ensure that the urn owner is trustworthy.
Not an issue. Collateral can obviously only be withdrawn if it's been previously deposited to a user's own urn.
zraxx
High
A malicious urn owner can steal all funds.
Summary
A malicious urn owner can steal all funds by calling function
free
.Root Cause
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/lockstake/src/LockstakeEngine.sol#L238-L246 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/lockstake/src/LockstakeEngine.sol#L340-L344 In
LockstakeEngine.sol
, anyone can open a urn contract. Users may stake into this contract due to a seemingly profit. However, a malicious urn owner may steal all users' funds at any time through the functionfree
.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
lock
).free
to steal all funds.Impact
Users' funds will be stolen.
PoC
No response
Mitigation
Need to ensure that the urn owner is trustworthy.