Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

`_withdrawFromVault` does not use the correct function and parameters

Summary

`_withdrawFromVault` does not work correctly.

Vulnerability Details

`_withdrawFromVault` calls `curveVault.withdraw(` with 5 parameters as input. However, Curve pools don't have `withdraw`; they have `remove_liquidity`.

```solidity
function _withdrawFromVault(uint256 amount) internal {
    // Call under discussion: five arguments passed to curveVault.withdraw
    curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
    totalVaultDeposits -= amount;
}
```

Here is the current pool for crv USDC - https://etherscan.io/address/0x4dece678ceceb27446b35c672dc7d61f30bad69e#writeContract

Notice how it has 15mil inside it, meaning it's in use, while it lacks any deposit/withdraw functions.

Here is another pool with the same functions and parameters - https://etherscan.io/token/0xffa6115ee9c940b493cd0b3e1ef46470413d06c2?a=0x7a16ff8270133f063aab6c9977183d9e72835428#writeContract

However, here the issue is that `withdraw` has only 3 inputs and here we use 5.

Impact

`_withdrawFromVault` will not work at all, and neither will any function that uses it (the whole contract).

Tools Used

Manual review

Recommendations

Implement the correct Curve interface.
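
An added example, not part of the submission or the project's code: a check that compares the argument types at the `withdraw` call site with the overloads an ABI actually exposes, which is the comparison the report's argument rests on. The three ABI fragments are constructed, the `uint256` type for the literal `0` is an assumption, and `checkCall` and `canonicalType` are hypothetical helper names; tuple handling goes beyond the case in the report.

```javascript
// Constructed ABI fragments for illustration; not fetched from any deployed contract.
const POOL_ABI = [
  { type: "function", name: "add_liquidity",
    inputs: [{ type: "uint256[]" }, { type: "uint256" }] },
  { type: "function", name: "remove_liquidity",
    inputs: [{ type: "uint256" }, { type: "uint256[]" }] },
];
const VAULT_3ARG_ABI = [
  { type: "function", name: "withdraw",
    inputs: [{ type: "uint256" }, { type: "address" }, { type: "address" }] },
];
const VAULT_5ARG_ABI = [
  ...VAULT_3ARG_ABI,
  { type: "function", name: "withdraw",
    inputs: [{ type: "uint256" }, { type: "address" }, { type: "address" },
             { type: "uint256" }, { type: "address[]" }] },
];

// Types at the call site in _withdrawFromVault; uint256 for the literal 0 is an assumption.
const CALL_ARGS = ["uint256", "address", "address", "uint256", "address[]"];

// Canonical ABI type: tuples expand to "(t1,t2)" and keep any array suffix.
function canonicalType(input) {
  if (!input.type.startsWith("tuple")) return input.type;
  const inner = (input.components || []).map(canonicalType).join(",");
  return `(${inner})${input.type.slice("tuple".length)}`;
}

// Classify a call against every overload of `name` in the ABI.
function checkCall(abi, name, argTypes) {
  const overloads = abi
    .filter((e) => e.type === "function" && e.name === name)
    .map((e) => (e.inputs || []).map(canonicalType));
  const candidates = overloads.map((o) => `${name}(${o.join(",")})`);
  if (overloads.length === 0) return { status: "missing", candidates };
  if (overloads.some((o) => o.join(",") === argTypes.join(",")))
    return { status: "match", candidates };
  const sameArity = overloads.some((o) => o.length === argTypes.length);
  return { status: sameArity ? "type-mismatch" : "arity-mismatch", candidates };
}

// Report how the call site fares against each constructed ABI.
for (const [label, abi] of Object.entries({ POOL_ABI, VAULT_3ARG_ABI, VAULT_5ARG_ABI })) {
  const r = checkCall(abi, "withdraw", CALL_ARGS);
  console.log(label, r.status, r.candidates);
}
```

Running the same check against the verified ABI of the address the contract is actually deployed with settles which of the three outcomes applies.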

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
