Submission Details
Severity: medium
Valid

Funds are not moved

Summary

The funds in the MoneyShelf contract are not moved to MoneyVault during migration.

Vulnerability Details

During an emergency, the MoneyShelf contract is upgraded to the MoneyVault contract to protect the funds from the justice system or any other gang. However, the funds are not moved to MoneyVault during or after the upgrade.

Impact

After the upgrade, the MoneyVault contract will still be empty, and the godFather will not be able to withdraw the USDC tokens because there will be no tokens in the vault.

Proof of Concept

Code
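    function test_moveFundsWhenMigrating() public {
        // Before migration, the MONEY keycode resolves to MoneyShelf.
        assertEq(address(kernel.getModuleForKeycode(Keycode.wrap("MONEY"))), address(moneyShelf));

        // Fund the user with 100 USDC (6 decimals).
        vm.startPrank(godFather);
        usdc.transfer(user, 100e6);
        vm.stopPrank();

        // The user deposits; MoneyShelf now holds the USDC and the user holds crimeMoney.
        vm.startPrank(user);
        usdc.approve(address(moneyShelf), 100e6);
        laundrette.depositTheCrimeMoneyInATM(user, user, 100e6);
        assertEq(usdc.balanceOf(user), 0);
        assertEq(usdc.balanceOf(address(moneyShelf)), 100e6);
        assertEq(crimeMoney.balanceOf(user), 100e6);
        vm.stopPrank();

        // Run the emergency migration; the MONEY keycode now resolves to MoneyVault.
        EmergencyMigration migration = new EmergencyMigration();
        MoneyVault moneyVault = migration.migrate(kernel, usdc, crimeMoney);
        assertEq(address(kernel.getModuleForKeycode(Keycode.wrap("MONEY"))), address(moneyVault));

        // Expected behaviour: the vault holds the deposit. This assertion fails
        // because the USDC is not moved to MoneyVault during migration.
        assertEq(usdc.balanceOf(address(moneyVault)), 100e6);
    }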

Tools Used

Manual Analysis

Recommendations

During the migration, the kernel contract should move the funds from the MoneyShelf contract to the MoneyVault contract.
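
One way this recommendation could look, as an added sketch that is not the project's own code: `ShelfSketch`, `KernelSketch`, `migrateFunds` and `upgradeMoneyModule` are hypothetical names standing in for the old module and the kernel. The sweep is callable only by the kernel, and the upgrade reverts if any USDC is left behind.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-ins for illustration; not the audited MoneyShelf/Kernel code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Stand-in for the old module that holds the deposited USDC.
contract ShelfSketch {
    IERC20 public immutable usdc;
    address public immutable kernel; // only caller allowed to sweep

    error NotKernel();
    error ZeroAddress();
    error TransferFailed();
    event FundsMigrated(address indexed newModule, uint256 amount);

    constructor(IERC20 usdc_, address kernel_) {
        usdc = usdc_;
        kernel = kernel_;
    }

    /// Hypothetical hook: send the full USDC balance to the replacement module.
    function migrateFunds(address newModule) external returns (uint256 amount) {
        if (msg.sender != kernel) revert NotKernel();
        if (newModule == address(0)) revert ZeroAddress();
        amount = usdc.balanceOf(address(this));
        // USDC returns a bool; use a SafeERC20-style wrapper for tokens that do not.
        if (amount != 0 && !usdc.transfer(newModule, amount)) revert TransferFailed();
        emit FundsMigrated(newModule, amount);
    }
}

/// Stand-in for the kernel-side upgrade step.
contract KernelSketch {
    address public immutable executor;
    error NotExecutor();
    error FundsLeftBehind();

    constructor() { executor = msg.sender; }

    /// Sweep the old module as part of the upgrade and verify nothing is left behind.
    function upgradeMoneyModule(ShelfSketch oldModule, address newModule) external {
        if (msg.sender != executor) revert NotExecutor();
        // (the module registry swap would happen here in a real kernel)
        oldModule.migrateFunds(newModule);
        if (oldModule.usdc().balanceOf(address(oldModule)) != 0) revert FundsLeftBehind();
    }
}
```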

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Emergency migration leave the USDC
