Submission Details
Severity: high
Invalid

Failing Call

Summary

Calls to the MoneyVault::withdrawUSDC function will always fail as the caller needs permission to call it.

Vulnerability Details

The MoneyVault::withdrawUSDC function will always revert when called by the godFather because it can only be called by a smart contract with the appropriate permissions.

Impact

When the MoneyShelf module is upgraded to the MoneyVault module during an emergency, the godFather will be unable to withdraw the USDC in the contract, as the call to MoneyVault::withdrawUSDC will always revert, leading to the USDC being stuck.

Proof of Concept

Code
function test_withdrawFromMoneyVault() public {
    joinGang(address(0));
    uint256 godFatherStartingBal = usdc.balanceOf(godFather);

    vm.startPrank(godFather);
    usdc.approve(address(moneyShelf), 500e6);
    laundrette.depositTheCrimeMoneyInATM(godFather, godFather, 250e6);
    laundrette.depositTheCrimeMoneyInATM(godFather, godFather, 250e6);
    vm.stopPrank();

    EmergencyMigration migration = new EmergencyMigration();
    MoneyVault moneyVault = migration.migrate(kernel, usdc, crimeMoney);
    assertEq(address(kernel.getModuleForKeycode(Keycode.wrap("MONEY"))), address(moneyVault));

    vm.startPrank(godFather);
    //-------------Reverts-------------
    moneyVault.withdrawUSDC(godFather, godFather, 500e6);
    vm.stopPrank();

    assertEq(usdc.balanceOf(godFather), godFatherStartingBal);
}

Tools Used

Manual Analysis

Recommendations

A call to the MoneyVault::withdrawUSDC function can be added to the laundrette Policy and the required permissions requested by it.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
