Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Missing Curve Vault Approval for Share Withdrawals

Summary

The _withdrawFromVault function in the LendingPool contract attempts to withdraw assets from the Curve vault without first approving the vault to spend the shares owned by the lending pool. Since shares are minted to the lending pool (address(this)), the contract needs to approve the vault to spend its shares before withdrawal.

Vulnerability Details

    function _withdrawFromVault(uint256 amount) internal {
        // Current implementation - Will fail due to missing share approval
        curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
        totalVaultDeposits -= amount;
    }

The issue occurs because:

  1. During deposit, shares are minted to address(this) (LendingPool)

  2. When withdrawing, the contract needs to approve the vault to spend its shares

  3. No approval is given before calling withdraw()

  4. The transaction will revert due to insufficient allowance

Impact

  1. All withdrawals from Curve vault will fail

  2. Protocol cannot access deposited assets

  3. Could lead to locked funds in Curve vault

Tools Used

Recommendations

Add share approval before withdrawal:

    function _withdrawFromVault(uint256 amount) internal {
        // Get share amount needed for withdrawal
        uint256 shares = curveVault.convertToShares(amount);
        // Approve vault to spend shares
        IERC20(address(curveVault)).approve(address(curveVault), shares);
        // Perform withdrawal
        curveVault.withdraw(
            amount,
            address(this), // receiver
            address(this), // owner
            0, // maxLoss
            new address[](0) // strategies
        );
        totalVaultDeposits -= amount;
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
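
Added example (not part of the submission or the project's code): a minimal Python model of the ERC-4626 allowance rule for withdraw, under which a share allowance is spent only when the caller is not the share owner. It assumes the vault follows that rule; MiniVault, the address labels and the amounts are constructed for illustration, and asset transfer to a receiver is not modelled.

```python
class Revert(Exception):
    """Stands in for an EVM revert."""

class MiniVault:
    """Constructed ERC-4626-style share ledger (1 share == 1 asset)."""
    def __init__(self):
        self.shares = {}      # owner -> share balance
        self.allowance = {}   # (owner, spender) -> approved shares

    def deposit(self, receiver, assets):
        self.shares[receiver] = self.shares.get(receiver, 0) + assets

    def approve(self, caller, spender, amount):
        self.allowance[(caller, spender)] = amount

    def withdraw(self, caller, assets, owner):
        shares = assets
        if caller != owner:  # allowance is consulted only on this path
            allowed = self.allowance.get((owner, caller), 0)
            if allowed < shares:
                raise Revert("insufficient allowance")
            self.allowance[(owner, caller)] = allowed - shares
        if self.shares.get(owner, 0) < shares:
            raise Revert("insufficient shares")
        self.shares[owner] -= shares
        return shares

def try_withdraw(vault, caller, assets, owner):
    try:
        vault.withdraw(caller, assets, owner)
        return "ok"
    except Revert as exc:
        return str(exc)

def run_cases():
    POOL, OTHER = "LendingPool", "OtherAddress"  # constructed labels
    vault = MiniVault()
    vault.deposit(POOL, 100)  # shares minted to the pool, as on deposit
    results = {}
    # owner differs from the caller and has granted the caller no allowance
    results["owner_is_other"] = try_withdraw(vault, POOL, 40, OTHER)
    # caller is the owner: succeeds with no approve() call at all
    results["owner_is_pool"] = try_withdraw(vault, POOL, 40, POOL)
    # approving the vault itself as spender is never read on the owner path
    vault.approve(POOL, "Vault", 60)
    results["after_vault_approval"] = try_withdraw(vault, POOL, 60, POOL)
    results["pool_shares_left"] = vault.shares[POOL]
    return results
```

Calling run_cases() returns the outcome of each withdrawal path, which can be compared against the owner argument passed in each of the two snippets above.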
