Code4rena finding CODE423N4:2023-07-POOLTOGETHER-FINDINGS-ISSUES-455
Jul 14, 2023

Attacker can steal vault funds through the deposit function.


Lines of code

Vulnerability details

Impact

The deposit function checks whether the amount of assets being deposited by the user is greater than the amount of assets the vault currently holds. If it is, the vault transfers only the difference between the assets being deposited and the vault's assets; otherwise it simply transfers the assets to the Yield Vault. In that second case, however, the assets transferred come from the vault and not from the attacker. An attacker could use this to get the vault to deposit assets and mint shares to them without contributing a single asset to the vault. The attacker could then withdraw their minted shares from the vault and profit from the exploit.

Proof of Concept

Tools Used

Manual review and Foundry for tests

Recommended Mitigation Steps

Remove the conditional statement. The deposit function should always transfer the funds from the user before a deposit to the Yield Vault is made.
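The accounting gap described under Impact, next to the recommended fix, as an added example: this is a simplified Python model and not PoolTogether's Solidity code. The class, method names, wallet balances and 1:1 share pricing are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VaultModel:
    idle: int = 0          # asset balance sitting in the vault contract
    in_yield: int = 0      # assets already forwarded to the Yield Vault
    shares: dict = field(default_factory=dict)

    def _pull(self, wallets, caller, amount):
        # Stand-in for a transferFrom(caller, vault, amount) that reverts on shortfall.
        if wallets.get(caller, 0) < amount:
            raise ValueError("insufficient caller balance")
        wallets[caller] -= amount
        self.idle += amount

    def _forward_and_mint(self, receiver, assets):
        # Deposit into the Yield Vault from the vault's own balance, mint 1:1 shares.
        self.idle -= assets
        self.in_yield += assets
        self.shares[receiver] = self.shares.get(receiver, 0) + assets

    def deposit_conditional(self, wallets, caller, assets):
        """Logic as the finding describes it: pull only the shortfall, if any."""
        paid = 0
        if assets > self.idle:
            paid = assets - self.idle
            self._pull(wallets, caller, paid)
        self._forward_and_mint(caller, assets)
        return paid

    def deposit_always_pull(self, wallets, caller, assets):
        """Recommended mitigation: always transfer the full amount from the caller."""
        self._pull(wallets, caller, assets)
        self._forward_and_mint(caller, assets)
        return assets

def check(deposit_name, idle, assets):
    # Constructed scenario: returns (paid by caller, shares minted, vault balance consumed).
    vault, wallets = VaultModel(idle=idle), {"caller": 1_000}
    paid = getattr(vault, deposit_name)(wallets, "caller", assets)
    return paid, vault.shares["caller"], idle - vault.idle

if __name__ == "__main__":
    for name in ("deposit_conditional", "deposit_always_pull"):
        print(name, check(name, idle=100, assets=60), check(name, idle=100, assets=150))
```

The invariant to test for in the real contract is the one the second method satisfies: the amount pulled from the caller equals the amount credited as shares, and the vault's own balance is never consumed by a deposit.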

Assessed type

Token-Transfer

