Submission Details
Impact:
Likelihood:
Centralization Risk in the Protocol. Owner can steal all funds
A malicious owner of the protocol can steal all funds that are currently present in the contract
Description
OrderBook::emergencyWithdrawERC20 can only be called by the owner of the protocol in emergency situations, however a malicious owner can call this function to send him all the tokens present in the contract
function emergencyWithdrawERC20(
address _tokenAddress,
uint256 _amount,
address _to
@> ) external onlyOwner {
if (
_tokenAddress == address(iWETH) ||
_tokenAddress == address(iWBTC) ||
_tokenAddress == address(iWSOL) ||
_tokenAddress == address(iUSDC)
) {
revert(
"Cannot withdraw core order book tokens via emergency function"
);
}
if (_to == address(0)) {
revert InvalidAddress();
}
IERC20 token = IERC20(_tokenAddress);
token.safeTransfer(_to, _amount);
emit EmergencyWithdrawal(_tokenAddress, _amount, _to);
}
Risk
Likelihood:
This vulnerability can occur in case of a malicious owner
Impact:
Loss of funds for the sellers that submitted their Orders
Recommended Mitigation
Consider using a multiSig wallet or implement a DAO Governance that will decide when to call this function
Rewards breakdown
nSLOC
217This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.