This repository has been archived by the owner on Jan 7, 2024. It is now read-only.

0x52 - Failed withdrawals from VUSD#processWithdrawals will be lost forever #162

Open
sherlock-admin opened this issue Jul 3, 2023 · 3 comments
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability High A valid High severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed

Comments

@sherlock-admin
Contributor

0x52

medium

Failed withdrawals from VUSD#processWithdrawals will be lost forever

Summary

When withdrawals fail inside VUSD#processWithdrawals they are permanently passed over and cannot be retried. The result is that any failed withdrawal will be lost forever.

Vulnerability Detail

VUSD.sol#L75-L81

        (bool success, bytes memory data) = withdrawal.usr.call{value: withdrawal.amount}("");
        if (success) {
            reserve -= withdrawal.amount;
        } else {
            emit WithdrawalFailed(withdrawal.usr, withdrawal.amount, data);
        }
        i += 1;

If the call to withdrawal.usr fails, the contract will simply emit an event and continue on with its cycle. Since there is no way to retry withdrawals, these funds will be permanently lost.

Impact

Withdrawals that fail will be permanently locked

Code Snippet

VUSD.sol#L65-L85

Tool used

Manual Review

Recommendation

Cache failed withdrawals and allow them to be retried or simply send VUSD to the user if it fails.

@0xshinobii

Will add functionality to retry withdrawals.

@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jul 19, 2023
@0xshinobii

Fixed in this PR. The description is in the PR.

@IAm0x52
Collaborator

IAm0x52 commented Aug 10, 2023

Fix looks good. Failed withdrawals are cached, allowing them to be retried by governance on a case-by-case basis.
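
The pattern named in the recommendation and in the fix review (cache failed withdrawals, let governance retry them), as an added sketch that is not part of the original issue and is not the project's VUSD.sol or its fix PR. The contract name, `queueWithdrawal`, `failedWithdrawals`, `retryFailed`, `governance` and the `max` parameter are assumptions made for illustration; only `usr`, `amount`, `processWithdrawals` and `WithdrawalFailed` come from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration, not the project's VUSD.sol or its fix.
// Hypothetical names: WithdrawalQueueSketch, queueWithdrawal, failedWithdrawals,
// retryFailed, governance, and the max parameter.
contract WithdrawalQueueSketch {
    struct Withdrawal { address usr; uint256 amount; }

    Withdrawal[] public withdrawals;
    uint256 public start; // index of the next queue entry to pay
    mapping(address => uint256) public failedWithdrawals; // owed after a failed send
    address public immutable governance;

    event WithdrawalFailed(address indexed usr, uint256 amount, bytes data);

    constructor(address governance_) { governance = governance_; }

    // Stand-in for burning VUSD: the caller funds the payout it queues.
    function queueWithdrawal() external payable {
        withdrawals.push(Withdrawal(msg.sender, msg.value));
    }

    function processWithdrawals(uint256 max) external {
        uint256 end = start + max;
        if (end > withdrawals.length) end = withdrawals.length;
        while (start < end) {
            // Advance the cursor in storage before the external call, so a
            // re-entrant call cannot pay the same entry twice.
            Withdrawal memory w = withdrawals[start++];
            (bool success, bytes memory data) = w.usr.call{value: w.amount}("");
            if (!success) {
                // The vulnerable loop only emitted the event here. Recording the
                // amount keeps the claim alive after the cursor has moved on.
                failedWithdrawals[w.usr] += w.amount;
                emit WithdrawalFailed(w.usr, w.amount, data);
            }
        }
    }

    // Governance retries one cached failure, optionally to a different recipient.
    function retryFailed(address usr, address payable to) external {
        require(msg.sender == governance, "only governance");
        uint256 amount = failedWithdrawals[usr];
        require(amount > 0, "nothing cached");
        failedWithdrawals[usr] = 0; // clear before the call; a revert restores it
        (bool success, ) = to.call{value: amount}("");
        require(success, "retry failed");
    }
}
```

A test for this sketch would queue a withdrawal from a contract whose `receive` reverts, call `processWithdrawals`, and check that `failedWithdrawals` holds the amount and that `retryFailed` can pay it out.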
