Code4rena (code423n4), 2023-07-pooltogether-findings, issue 389
Jul 14, 2023

No access control for mintYieldFee()


Lines of code

Vulnerability details

Impact

Anyone can mint the yield fee using mintYieldFee().

Proof of Concept

mintYieldFee() mints the shares for the yield fee.

```solidity
  // No access-control modifier on this external function: any caller reaches the body.
  function mintYieldFee(uint256 _shares, address _recipient) external {
    _requireVaultCollateralized();
    // Caps the request at the fee shares accrued so far.
    if (_shares > _yieldFeeTotalSupply) revert YieldFeeGTAvailable(_shares, _yieldFeeTotalSupply);

    _yieldFeeTotalSupply -= _shares;
    // Fee shares go to whatever recipient the caller names.
    _mint(_recipient, _shares);

    emit MintYieldFee(msg.sender, _recipient, _shares);
  }
```

This function mints the shares to the _recipient and reduces _yieldFeeTotalSupply accordingly.

But there is no access control here and anyone can steal the yield fee using this function.

Tools Used

Manual Review

Recommended Mitigation Steps

mintYieldFee() should have a whitelist for callers.
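One way to apply that whitelist, shown as an added example rather than the project's own code: restrict the call to a single configured yield-fee recipient. The contract below is a self-contained simplification; `owner`, `yieldFeeRecipient`, `accrueYieldFee`, the `CallerNotYieldFeeRecipient` error and the `balanceOf` mapping that stands in for ERC-20 `_mint` are assumptions, not PoolTogether identifiers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration (not PoolTogether code): a minimal vault whose
/// mintYieldFee() is gated on a configured yield-fee recipient.
/// owner, yieldFeeRecipient and accrueYieldFee are assumed names.
contract YieldFeeVaultExample {
    error YieldFeeGTAvailable(uint256 shares, uint256 available);
    error CallerNotYieldFeeRecipient(address caller);
    event MintYieldFee(address indexed caller, address indexed recipient, uint256 shares);

    address public owner;
    address public yieldFeeRecipient;      // the only account allowed to claim the fee
    uint256 internal _yieldFeeTotalSupply; // fee shares accrued but not yet minted
    mapping(address => uint256) public balanceOf; // stand-in for ERC-20 balances

    constructor(address _yieldFeeRecipient) {
        owner = msg.sender;
        yieldFeeRecipient = _yieldFeeRecipient;
    }

    /// Whitelist check: reject every caller except the configured recipient.
    modifier onlyYieldFeeRecipient() {
        if (msg.sender != yieldFeeRecipient) revert CallerNotYieldFeeRecipient(msg.sender);
        _;
    }

    /// Simulates fee accrual; in a real vault this happens when yield is captured.
    function accrueYieldFee(uint256 _shares) external {
        require(msg.sender == owner, "not owner");
        _yieldFeeTotalSupply += _shares;
    }

    /// Hardened version: only the fee recipient may mint the accrued fee shares.
    function mintYieldFee(uint256 _shares, address _recipient) external onlyYieldFeeRecipient {
        if (_shares > _yieldFeeTotalSupply) revert YieldFeeGTAvailable(_shares, _yieldFeeTotalSupply);
        _yieldFeeTotalSupply -= _shares;
        balanceOf[_recipient] += _shares; // stand-in for _mint(_recipient, _shares)
        emit MintYieldFee(msg.sender, _recipient, _shares);
    }

    function yieldFeeTotalSupply() external view returns (uint256) {
        return _yieldFeeTotalSupply;
    }
}
```

A call from any address other than `yieldFeeRecipient` now reverts before the supply is touched, which is the behaviour the original function lacks.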

Assessed type

Access Control
