In the deposit function, a check is made to see if the amount of assets being deposited by the user is greater than the amount of assets the vault currently holds. The vault then transfers the difference between the assets being deposited and the vault’s assets if the condition is true, otherwise it simply transfers the assets to the Yield Vault. However, the assets transferred in this situation come from the vault and not the attacker. An attacker could use this to get the vault to deposit assets and mint shares to them without contributing a single asset to the vault. The attacker could then withdraw their minted shares from the vault and profit from the exploit.
Manual review and Foundry for tests
Getting rid of the conditional statement is advised. The deposit function should always make a transfer of funds from the user before a deposit to the Yield Vault is made.
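The accounting gap described above, and the effect of the recommended fix, can be reproduced with a small balance model. This is an added example, not the project's contract code: the account names, the 1:1 share price and both function names are assumptions made for illustration.

```python
# Constructed model: token balances are plain integers and shares are
# minted 1:1 with assets (assumption, to keep the accounting visible).

class Ledger:
    def __init__(self, balances):
        self.bal = dict(balances)

    def transfer(self, src, dst, amount):
        if amount < 0 or self.bal.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.bal[src] -= amount
        self.bal[dst] = self.bal.get(dst, 0) + amount


def deposit_conditional(ledger, shares, caller, assets):
    """Behaviour described in the finding: pull only the shortfall."""
    vault_assets = ledger.bal.get("vault", 0)
    if assets > vault_assets:
        ledger.transfer(caller, "vault", assets - vault_assets)
    # The forwarded amount is partly or wholly funded by the vault itself.
    ledger.transfer("vault", "yield_vault", assets)
    shares[caller] = shares.get(caller, 0) + assets


def deposit_always_pull(ledger, shares, caller, assets):
    """Recommended behaviour: always take the full amount from the caller."""
    ledger.transfer(caller, "vault", assets)
    ledger.transfer("vault", "yield_vault", assets)
    shares[caller] = shares.get(caller, 0) + assets


def caller_cost(deposit_fn, vault_idle, assets):
    """Return (assets paid by caller, shares minted, vault balance afterwards)."""
    ledger = Ledger({"caller": assets, "vault": vault_idle, "yield_vault": 0})
    shares = {}
    deposit_fn(ledger, shares, "caller", assets)
    return assets - ledger.bal["caller"], shares["caller"], ledger.bal["vault"]


def holds_invariant(deposit_fn, vault_idle, assets):
    """Invariant a test suite should enforce: shares minted == assets paid."""
    paid, minted, _ = caller_cost(deposit_fn, vault_idle, assets)
    return paid == minted
```

The same invariant (shares minted never exceed assets actually received from the depositor) is the property to assert in the Foundry tests for the real contract.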
Token-Transfer