code-423n4 / 2021-05-fairside-findings


`pendingWithdrawals` not decreased after a `withdraw` #72

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

The variable `pendingWithdrawals` in the contract `Withdrawable` is not decreased after the function `withdraw` is called, which causes the return value of the function `getReserveBalance` to be less than it should be. This bug could cause incorrect results in several critical functions related to FSD token pricing, including `getFSDPrice`, `purchaseMembership`, `getMaximumBenefitPerUser`, `mint`, and `burn` in the `FSDNetwork` and `FSD` contracts.

Proof of Concept

Referenced code: Withdrawable.sol#L14-L19, Withdrawable.sol#L26-L28

Affected functions: FSD.sol#L85, FSD.sol#L100, FSDNetwork.sol#L136, FSDNetwork.sol#L361, FSDNetwork.sol#L369

Recommended Mitigation Steps

Add `pendingWithdrawals = pendingWithdrawals.sub(reserveAmount);` after line 17 in the contract `Withdrawable`.
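
The accounting error and the recommended fix, as an added example that is not part of the original report and is not FairSide's code: a constructed Solidity 0.8 model in which `getReserveBalance()` is assumed to be the contract balance minus `pendingWithdrawals`. `WithdrawableModel`, `owner`, `availableWithdrawal`, `creditWithdrawal`, `_send` and the split into `withdrawBuggy`/`withdrawFixed` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed model, not FairSide's Withdrawable.sol. Only pendingWithdrawals,
// withdraw, getReserveBalance and reserveAmount are names from the finding.
contract WithdrawableModel {
    address private immutable owner = msg.sender;             // assumed
    mapping(address => uint256) internal availableWithdrawal; // assumed
    uint256 public pendingWithdrawals;

    receive() external payable {}

    // Assumed: ETH held by the contract that is not owed to any withdrawer.
    function getReserveBalance() public view returns (uint256) {
        return address(this).balance - pendingWithdrawals;
    }

    // Assumed entry point that earmarks `amount` of the balance for `user`.
    function creditWithdrawal(address user, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        require(amount <= getReserveBalance(), "exceeds reserve");
        availableWithdrawal[user] += amount;
        pendingWithdrawals += amount;
    }

    // Behaviour reported in the finding: the payout lowers the balance but the
    // earmark stays, so getReserveBalance() subtracts the amount a second time.
    function withdrawBuggy() external {
        uint256 reserveAmount = availableWithdrawal[msg.sender];
        require(reserveAmount > 0, "nothing to withdraw");
        delete availableWithdrawal[msg.sender];
        _send(msg.sender, reserveAmount);
    }

    // With the recommended mitigation: release the earmark before paying out.
    function withdrawFixed() external {
        uint256 reserveAmount = availableWithdrawal[msg.sender];
        require(reserveAmount > 0, "nothing to withdraw");
        delete availableWithdrawal[msg.sender];
        pendingWithdrawals -= reserveAmount; // checked math, same role as .sub()
        _send(msg.sender, reserveAmount);
    }

    function _send(address to, uint256 amount) private {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

With 10 ETH held and 4 ETH credited, `getReserveBalance()` in this model returns 6 ETH; after `withdrawBuggy()` it returns 2 ETH (balance 6 minus a stale 4), while after `withdrawFixed()` it stays at 6 ETH.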

fairside-core commented 3 years ago

One of two easter eggs!

fairside-core commented 3 years ago

Fixed in PR#5.