Incorrect check of delegates
APWine is the first protocol for future yield tokenization.
Whitehat setuid0 of SSLab@Gatech submitted a critical bug report with a working PoC to APWine’s bug bounty program on Immunefi. The bug was simple: one condition wasn’t checked when PT tokens were burned, which could lead to the theft of yield from the protocol after two periods, i.e. 6 months.
Transfer of the delegation power of the governance tokens is done in the beforeTokenTransfer() function. Because of the to != address(0) condition inside that function, an attacker could bypass the check on the amount of tokens put into delegation, effectively increasing the future yield. The bypass was reachable because when users withdraw their deposited PT tokens, PT.burnFrom() runs, which sets to in beforeTokenTransfer() to address(0).
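The guard pattern described above, as an added example that is not APWine's contract code: a simplified token whose transfer hook protects delegated amounts, with the flawed condition next to a hardened one. The contract name, the delegatedOut mapping, the hardened flag and invariantHolds() are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model with hypothetical names; not the protocol's real code.
contract DelegatingToken {
    mapping(address => uint256) public balanceOf;
    // Amount of each holder's balance whose yield is delegated to someone else.
    mapping(address => uint256) public delegatedOut;
    // false = flawed guard as described in the text, true = hardened guard.
    bool public immutable hardened;

    constructor(bool hardened_) { hardened = hardened_; }

    // Unrestricted mint keeps the model short; a real token would gate this.
    function mint(address to, uint256 amount) external {
        _beforeTokenTransfer(address(0), to, amount);
        balanceOf[to] += amount;
    }

    function delegate(uint256 amount) external {
        require(delegatedOut[msg.sender] + amount <= balanceOf[msg.sender], "exceeds balance");
        delegatedOut[msg.sender] += amount;
    }

    function transfer(address to, uint256 amount) external {
        require(to != address(0), "use burn");
        _beforeTokenTransfer(msg.sender, to, amount);
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }

    // Burn path: the hook is called with to == address(0).
    function burn(uint256 amount) external {
        _beforeTokenTransfer(msg.sender, address(0), amount);
        balanceOf[msg.sender] -= amount;
    }

    function _beforeTokenTransfer(address from, address to, uint256 amount) internal view {
        if (from == address(0)) return; // mint: nothing leaves an account
        // Flawed: the delegated-amount check runs only when to != address(0),
        // so a burn skips it. Hardened: it runs whenever tokens leave `from`.
        if (hardened || to != address(0)) {
            require(balanceOf[from] >= delegatedOut[from] + amount, "amount is delegated");
        }
    }

    // Invariant for tests and monitoring: delegation never exceeds balance.
    function invariantHolds(address a) external view returns (bool) {
        return delegatedOut[a] <= balanceOf[a];
    }
}
```

Deployed with hardened set to false, a holder who delegates and then burns leaves invariantHolds() returning false; with hardened set to true the same burn reverts.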
For this find, the whitehat was rewarded $100,000. The APWine team was quick with the response and also with the payout of the bounty (4 days after the report was submitted to Immunefi).