The withdrawFunds function in the StabilityPool contract lacks proper access control, allowing unauthorized users to withdraw funds they do not own. This vulnerability results in potential loss of user funds and makes the system susceptible to exploitation.
The function allows any caller to execute the withdrawal without verifying ownership or ensuring the correct accounting of deposits.
The contract does not update the deposit state before transferring funds, leading to potential reentrancy attacks.
Lack of proper role-based authentication enables unauthorized users to withdraw funds from other users.
Attacker discovers a flaw in the withdrawal mechanism.
Attacker repeatedly calls the function before state updates, draining funds from the contract.
Legitimate users lose their funds while the attacker benefits unfairly.
Loss of User Funds: Unauthorized users can withdraw funds, leading to financial loss.
Reentrancy Exploitation: Reentrancy attacks can be performed if an external contract is used to call withdrawFunds repeatedly before the state updates.
Trust and Reputation Damage: The vulnerability decreases trust in the platform, affecting its long-term viability.
Tool used: Slither
Modify the function to update the state before transferring funds:
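A sketch of that ordering, added here as an example and not taken from the audited contract: the contract name, the per-user `deposits` mapping, ETH-denominated balances, the guard flag, the event and the custom errors are all assumptions. It ties the withdrawal to the caller's own recorded deposit, writes the new balance before the external call, and adds a reentrancy lock as a second layer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. Names and storage layout are hypothetical,
// not the audited StabilityPool code.
contract StabilityPoolSketch {
    mapping(address => uint256) private deposits; // assumed per-user accounting
    bool private locked;                          // simple reentrancy guard flag

    event Withdrawn(address indexed user, uint256 amount);

    error InsufficientDeposit(uint256 requested, uint256 available);
    error TransferFailed();
    error Reentrant();

    modifier nonReentrant() {
        if (locked) revert Reentrant();
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    function withdrawFunds(uint256 amount) external nonReentrant {
        // Checks: the caller can only draw on their own recorded deposit.
        uint256 available = deposits[msg.sender];
        if (amount == 0 || amount > available) {
            revert InsufficientDeposit(amount, available);
        }

        // Effects: update accounting before any external call, so a
        // re-entered call would see the reduced balance.
        deposits[msg.sender] = available - amount;

        // Interactions: the external transfer happens last.
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        if (!ok) revert TransferFailed();

        emit Withdrawn(msg.sender, amount);
    }

    function depositOf(address user) external view returns (uint256) {
        return deposits[user];
    }
}
```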