attacker will steal funds
Report ID
#24870
Report type
Smart Contract
Has PoC?
Yes
Target
Impacts
Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
Description
Bug Description- smart contract will permanently lose funds
Impact- loss of funds
Proof of concept
Step-1- call the sync function of the smart contract,function will execute without permission. parameter-1-recipient-address to send token's 2-minAmountOut-amount of token's to send Step-2- call the getSyncOut function of the smart contract to check the smart contract's token balance,function will execute without permission.
BIC Response
This is not a valid bug report because this is intended use of the sync
function and it's unclear what the reported vulnerability is intended to be.
Due to these reasons, we are closing the submission and no reward will be issued.