Platform: Code4rena
Start Date: 05/01/2023
Pot Size: $90,500 USDC
Total HM: 55
Participants: 103
Period: 14 days
Judge: Picodes
Total Solo HM: 18
Id: 202
League: ETH
Rank: 50/103
Findings: 1
Award: $165.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rbserver
Also found by: Apocalypto, Jeiwan, evan, jesusrod15, ladboy233, m9800
165.479 USDC - $165.48
Impact
Due to an incorrect implementation, the owner is unable to withdraw funds.
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/Vault.sol#L70-L73
The incorrect implementation uses
ERC20(asset()).safeTransferFrom(address(this), msg.sender, amount);
This requires prior approval, which is lacking, so the transaction always fails. Furthermore, using safeTransferFrom from the same contract is not a correct way to transfer funds, even with prior approval.
Proof of Concept
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/Vault.sol#L72
Tools Used
Manual review
Recommended Mitigation Steps
instead of using
ERC20(asset()).safeTransferFrom(address(this), msg.sender, amount);
use
ERC20(asset()).safeTransfer(msg.sender, amount);
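The failure this finding describes, as an added example that is not part of the warden's submission or the Astaria code base. StrictToken and VaultSketch are hypothetical names, the token is assumed to deduct allowance[from][msg.sender] on every transferFrom, and plain transfer/transferFrom stand in for the safeTransfer/safeTransferFrom wrappers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical minimal token (assumption): transferFrom always spends
// allowance[from][msg.sender], even when from == msg.sender.
contract StrictToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount; // reverts on insufficient balance
        balanceOf[to] += amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount; // 0.8 underflow revert if allowance < amount
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical vault holding StrictToken, with both withdraw variants side by side.
contract VaultSketch {
    StrictToken public immutable token;
    address public immutable owner;
    constructor(StrictToken _token) {
        token = _token;
        owner = msg.sender;
    }

    // As reported: the token sees msg.sender == vault and from == vault, so it
    // spends allowance[vault][vault], which nothing ever sets. Always reverts.
    function withdrawBroken(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        require(token.transferFrom(address(this), msg.sender, amount), "transferFrom failed");
    }

    // As recommended: transfer moves the vault's own balance, no allowance involved.
    function withdrawFixed(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

After minting tokens to a deployed VaultSketch, a call to withdrawBroken by the owner reverts while withdrawFixed with the same amount succeeds.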
#0 - c4-judge
2023-01-24T09:26:58Z
Picodes marked the issue as duplicate of #489
#1 - c4-judge
2023-02-15T07:49:56Z
Picodes marked the issue as satisfactory