📄

Report #24870

Report Date
October 13, 2023
Status
Closed
Payout

attacker will steal funds

Report Info

Report ID

#24870

Report type

Smart Contract

Has PoC?

Yes

Target

Impacts

Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield

Description

Bug Description- smart contract will permanently lose funds

Impact- loss of funds

Proof of concept

Step-1- call the sync function of the smart contract,function will execute without permission. parameter-1-recipient-address to send token's 2-minAmountOut-amount of token's to send Step-2- call the getSyncOut function of the smart contract to check the smart contract's token balance,function will execute without permission.

BIC Response

This is not a valid bug report because this is intended use of the sync function and it's unclear what the reported vulnerability is intended to be.

Due to these reasons, we are closing the submission and no reward will be issued.