A manager can withdraw all amount and DoS withdrawals #220
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-254
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/apps/smart-contracts/core/contracts/Collateral.sol#L80-L83
https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/apps/smart-contracts/core/contracts/WithdrawHook.sol#L58
Vulnerability details
Impact
Manager for the Collateral smart contract has complete role over collateral funds and is able to withdraw all of it. The assumption is that the manager is honest, even though there is a big risk with a wrongly configured MultiSig (e.g. an admin that can circumvent M of N votes to take an action), key compromise, or even moving funds to an unexpected address, which would lead to funds being lost.
Proof of Concept
Manager can call managerWithdraw to get all the funds:
or halt withdrawals:
Tools Used
VS Code
Recommended Mitigation Steps
If the only function of this is to move funds to some yield-bearing protocol (e.g. Aave, DEXes), please implement the supposed functionality in the smart contract. Otherwise, it's best to remove the function completely.