Code4rena: CODE423N4:2023-07-POOLTOGETHER-FINDINGS-ISSUES-454
Jul 14, 2023 - 12:00 a.m.

No access control on mintYieldFee


Lines of code

Vulnerability details

Impact

The lack of access control allows anyone to mint the yield fee to themselves.

Proof of Concept

Vault.mintYieldFee is external and does not restrict the _recipient of the yield fee shares:

  function mintYieldFee(uint256 _shares, address _recipient) external {
    _requireVaultCollateralized();
    if (_shares > _yieldFeeTotalSupply) revert YieldFeeGTAvailable(_shares, _yieldFeeTotalSupply);

    _yieldFeeTotalSupply -= _shares;
    _mint(_recipient, _shares);

    emit MintYieldFee(msg.sender, _recipient, _shares);
  }

Tools Used

Manual Review

Recommended Mitigation Steps

Don't use an extra parameter for the recipient; use the contract's _yieldFeeRecipient instead.
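A sketch of the recommended change, added here as an illustration and not taken from the PoolTogether source or its eventual fix. The contract name, constructor, event parameter names, simplified _mint and the empty collateralization check are assumptions; only mintYieldFee, _yieldFeeRecipient, _yieldFeeTotalSupply, YieldFeeGTAvailable and MintYieldFee come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example: minimal stand-in for the Vault (hypothetical name).
contract YieldFeeVaultSketch {
    error YieldFeeGTAvailable(uint256 shares, uint256 yieldFeeTotalSupply);

    // Parameter names are assumptions; the report only shows the emit site.
    event MintYieldFee(address caller, address recipient, uint256 shares);

    address private _yieldFeeRecipient;   // configured recipient, not caller-controlled
    uint256 private _yieldFeeTotalSupply; // fee shares accrued but not yet minted

    // Simplified share ledger (assumption; stands in for the ERC-20 state).
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    // Constructed setup so the sketch is self-contained.
    constructor(address yieldFeeRecipient_, uint256 accruedFeeShares_) {
        _yieldFeeRecipient = yieldFeeRecipient_;
        _yieldFeeTotalSupply = accruedFeeShares_;
    }

    // Mitigated form: the _recipient parameter is gone. The call can stay
    // permissionless because the caller no longer chooses where shares go.
    function mintYieldFee(uint256 _shares) external {
        _requireVaultCollateralized();
        if (_shares > _yieldFeeTotalSupply) revert YieldFeeGTAvailable(_shares, _yieldFeeTotalSupply);

        _yieldFeeTotalSupply -= _shares;
        _mint(_yieldFeeRecipient, _shares);

        // msg.sender is still logged, so triggering accounts remain auditable.
        emit MintYieldFee(msg.sender, _yieldFeeRecipient, _shares);
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    // Placeholder: the real collateralization check is not shown in the report.
    function _requireVaultCollateralized() internal pure {}
}
```

With this shape, a call from an arbitrary address still succeeds, but the minted shares are always credited to _yieldFeeRecipient.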

Assessed type

Access Control

