DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: medium
Invalid

Missing override for _emergencyWithdraw()

Summary

The strategy contracts inherit BaseStrategy and use its functionality to implement a yield-bearing strategy. However, these contracts do not override the _emergencyWithdraw() function, which is critical for enabling administrators to manually withdraw funds during a strategy shutdown or emergency. This omission creates a risk that funds could remain inaccessible in situations where the strategy is unable to operate normally.

Vulnerability Details

_emergencyWithdraw() is not overridden in the strategy contracts. The inherited BaseStrategy contract does define _emergencyWithdraw(), but its body is empty.

As a result, when the strategy is in shutdown mode and an administrator attempts to invoke the emergencyWithdraw function, the call will fail to free any funds because the _emergencyWithdraw() implementation is missing.

Impact

  • Inaccessibility of Funds: In a shutdown or emergency, administrators will not be able to withdraw funds that are locked in the protocol.

  • Operational Risk: The absence of _emergencyWithdraw() limits the strategy's ability to recover from adverse scenarios, potentially causing loss of user funds or failure to comply with emergency protocols.

Tools Used

manual

Recommendations

Implement the _emergencyWithdraw() function in the strategy contracts (StrategyMainnet, StrategyOp, StrategyArb) using the _freeFunds() function to ensure funds can be released during emergencies.

// Forward the emergency hook to the normal fund-freeing path.
function _emergencyWithdraw(uint256 _amount) internal override {
    _freeFunds(_amount);
}
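A simplified model of the pattern this submission describes, added here as an illustration and not taken from the audited contracts or from the submission itself. BaseStrategyModel, MockYieldSource, StrategyNoOverride, StrategyWithOverride and Demo are hypothetical names, and access control is left out. It shows that emergencyWithdraw() on the contract without the override returns without reverting while the funds stay in the yield source, which is why a test should assert on balances rather than on the call succeeding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
// Simplified model for illustration; every name except emergencyWithdraw,
// _emergencyWithdraw and _freeFunds is hypothetical. Access control omitted.
contract MockYieldSource {
    uint256 public deposited;
    function deposit(uint256 a) external { deposited += a; }
    function withdraw(uint256 a) external { deposited -= a; }
}

abstract contract BaseStrategyModel {
    MockYieldSource public immutable source;
    uint256 public idle; // funds held by the strategy itself
    bool public shutdown;
    constructor(MockYieldSource s) { source = s; }
    function deployFunds(uint256 a) external { source.deposit(a); }
    function shutdownStrategy() external { shutdown = true; }

    function emergencyWithdraw(uint256 _amount) external {
        require(shutdown, "not shutdown");
        _emergencyWithdraw(_amount); // with the empty hook this is a silent no-op
    }
    function _freeFunds(uint256 _amount) internal virtual;
    function _emergencyWithdraw(uint256 _amount) internal virtual {}
}

// Reported state: the hook is not overridden.
contract StrategyNoOverride is BaseStrategyModel {
    constructor(MockYieldSource s) BaseStrategyModel(s) {}
    function _freeFunds(uint256 _amount) internal override {
        source.withdraw(_amount);
        idle += _amount;
    }
}

// Recommended state: the hook forwards to _freeFunds().
contract StrategyWithOverride is StrategyNoOverride {
    constructor(MockYieldSource s) StrategyNoOverride(s) {}
    function _emergencyWithdraw(uint256 _amount) internal override { _freeFunds(_amount); }
}

contract Demo {
    // Returns each strategy's idle balance after the same emergency sequence.
    function run() external returns (uint256 noOverrideIdle, uint256 overrideIdle) {
        noOverrideIdle = _exercise(new StrategyNoOverride(new MockYieldSource()));
        overrideIdle = _exercise(new StrategyWithOverride(new MockYieldSource()));
    }
    function _exercise(BaseStrategyModel s) private returns (uint256) {
        s.deployFunds(100); s.shutdownStrategy(); s.emergencyWithdraw(100);
        return s.idle();
    }
}
```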
Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
