Missing emergency withdraw function in stategy contracts
Title
Missing emergency withdraw function in stategy contracts
Summary
Stategy contracts didn't override _emergencyWithdraw function to manually withdraw deployed funds from the yield source.
Vulnerability Details
BaseStrategy contract has _emergencyWithdraw function that needs to be overridden that will allow management to manually withdraw deployed funds from the yield source if a strategy is shutdown.
However, none of the contracts have implemented this function, which could result in potential fund loss or locking. This issue is particularly concerning if the transmuter is compromised or if the routers behave abnormally.
Impact
The absence of an overridden _emergencyWithdraw function in the strategy contracts can lead to funds being stuck in the transmuter or strategy, with no way to bypass the standard withdrawal process during emergencies, potentially forcing users to accept unfavorable swaps to exit their positions.
Tools Used
Manual Review
Recommendations
Override the _emergencyWithdraw function for strategy contracts to make it possible to withdraw funds from the transmuter.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.