Category: Coding Mistakes
Incorrect transfer amount in the function rescueFunds
Impact: Low
Severity: Low
Likelihood: Low
Description
The function rescueFunds in the MultiSigStrategyV1 contract can rescue any assets held by this strategy. However, the amount transferred is the contract's balance of the underlying asset rather than its balance of asset_.
function rescueFunds(address asset_) external onlyOwner {
    // The amount is read from asset(), the underlying asset, not from asset_
    IERC20(asset_).safeTransfer(owner(), IERC20(asset()).balanceOf(address(this)));
}
Impact
The owner needs to control the balance of the underlying asset to rescue a specific asset in the contract.
Recommendations
Consider updating the function according to the following code:
function rescueFunds(address asset_) external onlyOwner {
- IERC20(asset_).safeTransfer(owner(), IERC20(asset()).balanceOf(address(this)));
+ IERC20(asset_).safeTransfer(owner(), IERC20(asset_).balanceOf(address(this)));
}
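Review bot: nothing on the + line restricts asset_, so rescueFunds(asset()) transfers the strategy's entire underlying balance to owner(). If that is intended, state it in the function's NatSpec; if the function is meant only for stray tokens, reject asset_ == asset() before the transfer. A regression test that holds two tokens with different balances would pin the amount to asset_ and catch a return to the old expression.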
Remediation
This issue has been acknowledged by Blueprint Finance, and a fix was implemented in commit e71d5bda.
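The two failure modes behind the Impact statement, and the recommended behaviour, as an added Foundry test; it is not code from the audited repository or from the report. It assumes forge-std is available, and MockToken, RescueHarness and the test names are constructed stand-ins rather than the project's contracts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Constructed minimal token: only what the harness needs, not a full ERC-20.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function transfer(address to, uint256 amt) external {
        balanceOf[msg.sender] -= amt; // checked math: reverts if balance < amt
        balanceOf[to] += amt;
    }
}

// Constructed stand-in for the strategy; only the rescue logic is modelled.
contract RescueHarness {
    address public immutable owner = msg.sender;
    MockToken public immutable underlying; // plays the role of asset()
    constructor(MockToken u) { underlying = u; }
    function rescueReported(MockToken asset_) external { // amount from underlying
        require(msg.sender == owner, "not owner");
        asset_.transfer(owner, underlying.balanceOf(address(this)));
    }
    function rescueRecommended(MockToken asset_) external { // amount from asset_
        require(msg.sender == owner, "not owner");
        asset_.transfer(owner, asset_.balanceOf(address(this)));
    }
}

contract RescueFundsTest is Test {
    MockToken underlying = new MockToken();
    MockToken stray = new MockToken();
    RescueHarness s;
    function setUp() public {
        s = new RescueHarness(underlying); // this test contract is the owner
        stray.mint(address(s), 100);
    }
    function test_reported_zeroUnderlying_movesNothing() public {
        s.rescueReported(stray); // succeeds, but transfers an amount of 0
        assertEq(stray.balanceOf(address(s)), 100); // tokens remain stuck
    }
    function test_reported_largerUnderlying_reverts() public {
        underlying.mint(address(s), 150); // 150 > 100 held of the stray token
        vm.expectRevert();
        s.rescueReported(stray);
    }
    function test_recommended_sweepsFullBalance() public {
        s.rescueRecommended(stray);
        assertEq(stray.balanceOf(address(this)), 100);
    }
}
```

When the underlying balance is below the stray token's balance, the reported version rescues only that smaller amount, which is the remaining case not covered by the tests.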