Open zapaz opened 3 months ago
I believe the bug was found invalid.
I believe the bug was found invalid.
they said it's fully valid, but considered it out of scope... until they got hacked this way ;-(
Can you please add hoytech
and erik1o6
from euler as collaborators?
If there's a limit on how many collaborators you can add, you can make this public, since the contest is over.
Can you please add hoytech and erik1o6 from euler as collaborators?
done
If there's a limit on how many collaborators you can add, you can make this public, since the contest is over.
done also :-)
Relevant Context
A seemingly harmless SimpleVault inheriting from the EVK can drain all the Assets of the Vault.
Finding Description
The EVK VaultModule can deposit into itself, causing an internal inconsistency between the actual Vault balance and
totalAssets()
. (more precisely betweenasset.balanceOf(address(vault))
andvault.totalAssets()
), even without using any borrowing functionnality.SimpleVault, a contract inheriting from EVault, that appears completely harmless on its own, can exploit this inconsistency by calling VaultModule code to drain all the Assets of the Vault.
SimpleVault
code:The hack here is to call
this.deposit
andthis.withdraw
instead ofdeposit
andwithdraw
to enable the Vault to be the actual caller. So depositing into itself, implying it's own balance unchanged (due to a transfer of Assets to itsef, sort oftransfer(from, to)
withto == from
)So anyone can call
stake
withtotalAssets()
amount, and then callunstake
with the same amount, draining all the Assets of the Vault in 2 transactions.Impact Explanation
EVK is unsecure, and can't be used as is as a Kit. If anyone promote a Vault like
SimpleVault
or any other form of EVK derivated Vault, inheriting fromEVault
, extanding it with new modules or modifying existing EVK code, can exploit this weakness and steal all users funds deposited in the Vault, event if the Vault is permissionless.Main concern here is that
SimpleVault
seems harmless, but use one invisible EVK weakness.Likelihood Explanation
As soon as this type of derivated Vault from EVK is deployed, it can be exploited.
The likelihood is high, as the code is public and the exploit is easy to understand and implement.
The only hurdle is to promote this malicious Vault, without audits (saying "it's only 2 lines of code added..."), to attract users and encourange them to deposit funds in it.
Impact is that all sort of Vault like
SimpleVault
derivated from the EVK can drain all the assets in 2 transactions.Proof of Concept
Weakness has been found via a Certora rule.
Certora rule detecting the issue
This rule has counter examples only when
actualCaller == vault
, i.e.shares > 0
without balance changeHere is a POC with a forge test, including traces and asserts:
DepositSelfHack
POC contract - Filetest/contest/DepositSelfHack.sol
:SimpleVault
Test Setup - Filetest/contest/SimpleVaultTest.sol
:forge test --mt depositSelfHack -vv
produces this output:Recommendation
To prevent this weakness, add a one line check to prevent the Vault from depositing to itself.
Vault.sol
deposit
function - Lines 123-128 of Filesrc/EVault/modules/Vault.sol
: