First Flight #16: Mafia Takedown
First Flight #16
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

USDC directly transferred to `MoneyVault` will be stuck in it forever

codexbugmenot

Description

Even though depositing USDC is not allowed in MoneyVault any user can directly transfer their USDC to the MoneyVault and there is no way to retrieve it .

Impact

Direct USDC transfers to MoneyVault can lead to funds being stuck in the contract forever

Proof of Concept

There is no way to retrieve the USDC stuck in MoneyVault because of direct transfers

POC: Direct USDC transfers
function test_usdcDirectTransferToMoneyVault() public {
vm.prank(godFather);
usdc.transfer(address(this), 100e6);
// migration takes place here
EmergencyMigration migration = new EmergencyMigration();
(MoneyVault moneyVault, Emergency emergency) =
migration.migrate(kernel, usdc, crimeMoney, laundrette, moneyShelf);
// Direct USDC transfer to MoneyVault
usdc.transfer(address(moneyVault), 100e6);
//Final assertion
assertEq(usdc.balanceOf(address(moneyVault)), 100e6);
// This USDC cannot be retrieved
}

Recommended Mitigation

Adding an EmergencyTransfer function in MoneyVault which can only be called when godFather is kernel.admin() will fix this issue .

Since, it is a function for emergency pusposes godFather is required to become the admin of kernel to use this function , he can change the admin back to policy after calling the EmergencyTransfer function.

In MoneyVault.sol add the following function

function EmergencyTransfer() external {
require(msg.sender == kernel.executor(), "MoneyShelf: only GodFather can do this");
usdc.transfer(msg.sender, usdc.balanceOf(address(this)));
}
Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.