Bypass of Event Locks via Inherited ERC4626 Functions
Root + Impact
Description
-
The BriVault contract implements a time-locked betting mechanism where users should only be able to withdraw funds after the event concludes and only if they backed the winning outcome.
-
However, by inheriting from ERC4626 without overriding the standard withdrawal functions, users can completely bypass all event restrictions and withdraw their funds at any time.
Risk
Likelihood: High
-
The inherited functions are publicly visible in the ABI and follow standard ERC4626 patterns
-
Users seeking early liquidity or those who backed losing outcomes have clear incentive to use these functions
-
The vulnerability is easily discoverable through standard blockchain explorers or interface generators
Impact: High
-
Complete circumvention of the vault's core betting mechanics
-
Early withdrawals drain the prize pool before the event concludes
-
Losing bettors can recover funds, eliminating the risk/reward model
-
The vault becomes economically non-viable
Proof of Concept
-
Add testEarlyWithdraw to briVault.t.sol
-
Run
forge test --mt testEarlyWithdraw
Recommended Mitigation
Override all ERC4626 withdrawal functions to enforce vault business logic
Appeal created
Unrestricted ERC4626 functions
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.