Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some Strategy functions can't be called from the Vault #103

Closed
code423n4 opened this issue Jan 11, 2022 · 2 comments
Closed

Some Strategy functions can't be called from the Vault #103

code423n4 opened this issue Jan 11, 2022 · 2 comments
Assignees
@r2moon
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor strategy Strategy

Comments

@code423n4
Copy link
Contributor

Handle

palina

Vulnerability details

Impact

BaseStrategy.sol contract implement modifiers (onlyVault() and restricted()) suggesting that its Vault should have the capability to invoke some of the restricted functionality, including withdrawAllToVault() and withdrawToVault().

However, according to the implementation, Vault.sol, contains only the call to Strategy's doHardWork() and investedAssets() (but not withdrawAllToVault() and withdrawToVault()). This suggests that this functionality might be missing in the implementation of Vault, which might lead to funds being locked in the strategy.

In BaseStrategy.sol, the defined onlyVault() modifier is never used.

Proof of Concept

https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/BaseStrategy.sol#L70

https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/BaseStrategy.sol#L76

https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/BaseStrategy.sol#L234

Tools Used

Manual Analysis

Recommended Mitigation Steps

Add the missing functionality (i.e., withdrawal from Strategy) to Vault or refine the modifiers in Strategy.sol to reflect the chosen role hierarchy (i.e., define the onlyGovernance() modifier to be applied to functions that are not intended to be called by a Vault; remove the onlyVault() modifier that is never used).
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jan 11, 2022
code423n4 added a commit that referenced this issue Jan 11, 2022
@code423n4
palina issue #103
ba94244
@r2moon r2moon added invalid This doesn't seem right and removed invalid This doesn't seem right labels Jan 11, 2022
@naps62
Copy link
Collaborator

naps62 commented Jan 18, 2022

This was indeed an issue, but a low-risk one. The implementation works as intended in this regard, but became confusing after some refactors.

@naps62 naps62 added the disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) label Jan 18, 2022
@dmvt
Copy link
Collaborator

dmvt commented Jan 28, 2022

Agreed on severity.

@dmvt dmvt added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Jan 28, 2022
@r2moon r2moon added the sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons label Jan 28, 2022
@r2moon r2moon self-assigned this Jan 28, 2022
@r2moon r2moon closed this as completed Feb 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@r2moon r2moon

Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sponsor strategy Strategy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@naps62 @gabrielpoca @dmvt @r2moon @code423n4