search

code-423n4 / 2021-06-gro-findings

0 stars 1 forks source link

Add a proper revert message in `_withdrawSingle` #120

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

shw

Vulnerability details

Impact

In the _withdrawSingle function of WithdrawHandler, the funds are withdrawn directly from the vault adapters when the withdrawal is small. However, the tokenAmount is not checked to be less than or equal to adapter.totalAssets() before withdrawing. If the amount to withdrawal is greater than the adapter's total assets, the transaction fails without returning proper error messages. Notice that a similar function, _withdrawBalanced, does check the adapter's balance (line 332).

Proof of Concept

Referenced code: WithdrawHandler.sol#L299-L300

Recommended Mitigation Steps

Add require(tokenAmount <= adapter.totalAssets(), "_withdrawSingle: !adapterBalance"); after line 299.

kitty-the-kat commented 2 years ago

Non-critical Style/comment fix, nice to have but not critical/prioritised

ghoul-sol commented 2 years ago

This is non-critical because add the check does not change the outcome, just makes it more clear. Agree with sponsor, non-critical.