sherlock-audit / 2024-06-makerdao-endgame-judging

1 stars 1 forks source link

zraxx - A malicious urn owner can steal all funds. #81

Closed sherlock-admin4 closed 1 month ago

sherlock-admin4 commented 1 month ago

zraxx

High

A malicious urn owner can steal all funds.

Summary

A malicious urn owner can steal all funds by calling function free.

Root Cause

https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/lockstake/src/LockstakeEngine.sol#L238-L246 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/lockstake/src/LockstakeEngine.sol#L340-L344 In LockstakeEngine.sol, anyone can open a urn contract. Users may stake into this contract due to a seemingly profit. However, a malicious urn owner may steal all users' funds at any time through the function free.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

The attacker open a urn contract, and set a good benfit to attract users to stake ( by function lock).
Users stake into this contract.
The attacker calls function free to steal all funds.

Impact

Users' funds will be stolen.

PoC

No response

Mitigation

Need to ensure that the urn owner is trustworthy.

telome commented 1 month ago

Not an issue. Collateral can obviously only be withdrawn if it's been previously deposited to a user's own urn.