[WP-H20] Wrong implementation of withdrawRedundant() allows the Vault owner to drain all the funds
Handle: WatchPug. Vulnerability details: Based on the context, withdrawRedundant intends to disallow the owner from withdrawing more Vault tokens than the surplus amount. However, the current implementation is wrong, which allows the Vault owner to drain all the funds. function withdrawRedundantaddress...
backdoor in withdrawRedundant
Handle: cmichel. Vulnerability details: The Vault.withdrawRedundant has wrong logic that allows the admins to steal the underlying vault token. function withdrawRedundantaddress token, address to external override onlyOwner if token == addresstoken && balance 0 // @audit they can rug users. let's sa...
Owner can withdraw all ERC20 tokens using withdrawRedundant
Handle: camden. Vulnerability details: Impact: The owner could potentially instantly withdraw all tokens using the withdrawRedundant function, which is probably not intended. Proof of Concept: The attack would be that the owner gets compromised. The value of balance would have to be equal to or greate...