Open code423n4 opened 3 years ago
cmichel
The Exposure.sortVaultsByDelta function computes the missing vault index from the min and max vault indices by:
Exposure.sortVaultsByDelta
vaultIndexes[1] = N_COINS - maxIndex - minIndex;
This only works for N_COINS = 3.
N_COINS = 3
If any new stablecoin is ever removed or added, this function will break.
Never change the number of stablecoins and consider adding an assert(N_COINS == 3) here.
assert(N_COINS == 3)
non-critical: By its nature, exposure and allocations should be redeployed if any fundamental changes are done to the underlying exposure types
In summary, works as designed. Non-critical.
Handle
cmichel
Vulnerability details
Vulnerability Details
The
Exposure.sortVaultsByDelta
function computes the missing vault index from the min and max vault indices by:This only works for
N_COINS = 3
.Impact
If any new stablecoin is ever removed or added, this function will break.
Recommended Mitigation Steps
Never change the number of stablecoins and consider adding an
assert(N_COINS == 3)
here.