BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

ERC4626 Standard Functions Bypass Core Logic

yxsec

Description

  • Normal flow requires every deposit/withdraw to pass through the customized deposit()/withdraw() in order to collect fees and enforce time + winner checks.

  • Only deposit(uint256,address) overrides ERC4626; mint, withdraw(uint256,address,address), and redeem remain callable and skip all protections.

// src/briVault.sol:13-236
contract BriVault is ERC4626, Ownable {
@> // Only deposit() overrides ERC4626; mint/withdraw/redeem remain unguarded
function deposit(uint256 assets, address receiver) public override returns (uint256) {
...
}
}

Risk

Likelihood:

  • Any user or integration that knows ERC4626 will invoke the standard interface during the betting period.

  • The contract exposes these functions publicly with no modifiers, so every address can call them immediately.

Impact:

  • Attackers can bypass participation fees or join after the deadline, undermining the tournament rules.

  • Losing participants can withdraw before the winner is set (or even after losing), draining the prize pool.

Proof of Concept

IERC20(asset).approve(address(vault), 100 ether);
vault.mint(100 ether, attacker); // No fee, no time gate
vault.withdraw(90 ether, attacker, attacker); // No winner check, losers can exit with funds

Recommended Mitigation

+ function mint(uint256, address) public pure override returns (uint256) {
+ revert("use deposit()");
+ }
+ function withdraw(uint256, address, address) public pure override returns (uint256) {
+ revert("use withdraw()");
+ }
+ function redeem(uint256, address, address) public pure override returns (uint256) {
+ revert("use withdraw()");
+ }
Updates

Appeal created

bube Lead Judge 16 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Unrestricted ERC4626 functions

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!