The CrimeMoney::burn function is restricted by the onlyMoneyShelf modifier, so only the MoneyShelf contract can burn CrimeMoney. However, MoneyVault::withdraw also calls burn, and that call reverts because the EmergencyMigration.s.sol script never grants the MoneyVault the necessary role.
The MoneyVault::withdraw function relies on the CrimeMoney::burn function, which is currently restricted by the onlyMoneyShelf modifier. This modifier only allows the MoneyShelf contract to burn CrimeMoney. As the MoneyVault does not have this role, any attempt to withdraw from the MoneyVault will revert. Additionally, the revert message "CrimeMoney: only MoneyShelf can mint" is misleading when used in the context of the burn function.
The restriction causes the withdrawal functionality of the MoneyVault to be inoperative, effectively trapping all funds within the MoneyVault contract. This can lead to significant operational issues and loss of access to funds.
Manual Review
Add a new modifier onlyAuthorized
Update the CrimeMoney::burn function to use the onlyAuthorized modifier:
Godfather can add the role manually
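
The first two recommendations above as an added Solidity example (not the project's CrimeMoney source): burn accepts a caller holding either the MoneyShelf or the MoneyVault role, while mint stays MoneyShelf-only. The IRoleRegistry interface, the role identifiers, the contract name and the NotAuthorized error are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the protocol's role registry; its real interface is not shown on this page.
interface IRoleRegistry {
    function hasRole(address account, bytes32 role) external view returns (bool);
}

// Illustrative token with the access checks under discussion; not the project's own code.
contract CrimeMoneyExample {
    // Assumed role identifiers.
    bytes32 public constant MONEY_SHELF = "moneyshelf";
    bytes32 public constant MONEY_VAULT = "moneyvault";

    IRoleRegistry public immutable registry;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    // Names the rejected caller instead of reusing the mint-specific message.
    error NotAuthorized(address caller);

    constructor(IRoleRegistry _registry) {
        registry = _registry;
    }

    // Unchanged check for minting: only a MoneyShelf role holder passes.
    modifier onlyMoneyShelf() {
        require(registry.hasRole(msg.sender, MONEY_SHELF), "CrimeMoney: only MoneyShelf can mint");
        _;
    }

    // New check for burning: MoneyShelf or MoneyVault role holders pass.
    modifier onlyAuthorized() {
        bool allowed = registry.hasRole(msg.sender, MONEY_SHELF)
            || registry.hasRole(msg.sender, MONEY_VAULT);
        if (!allowed) revert NotAuthorized(msg.sender);
        _;
    }

    function mint(address to, uint256 amount) external onlyMoneyShelf {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    // MoneyVault::withdraw can now reach this path once the vault holds its role.
    function burn(address from, uint256 amount) external onlyAuthorized {
        balanceOf[from] -= amount; // checked arithmetic reverts if the balance is too low
        totalSupply -= amount;
    }
}
```

Keeping mint behind the narrower modifier means the vault gains only the burn permission that withdrawals need.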