code-423n4 / 2021-06-gro-findings


Variables `maxIndex` and `minIndex` in `sortVaultsByDelta` are uninitialized #123

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

shw

Vulnerability details

Impact

The `sortVaultsByDelta` function of `Exposure` does not properly initialize the `maxIndex` and `minIndex` variables. Consider an edge case where the deltas of the three stable coins are all 0. The `maxIndex` and `minIndex` variables will both be 0 and `vaultIndexes` will be `[0, 3, 0]`, which is invalid. The results of the users' deposits could be affected by this bug.

Proof of Concept

Referenced code: Exposure.sol#L178-L210

Recommended Mitigation Steps

Initialize maxIndex and minIndex to 0 and 1 to handle this edge case while being correct in other cases.

kitty-the-kat commented 2 years ago

2

ghoul-sol commented 2 years ago

```solidity
int256 delta = int256(
  unifiedAssets[i] - unifiedTotalAssets.mul(targetPercents[i]).div(PERCENTAGE_DECIMAL_FACTOR)
);
```

It seems that there's a mathematical possibility that assets will have an ideal proportion between vaults and delta might be 0.

Duplicate of #2 to high risk.
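
The edge case from the report, as an added Python model that is not the Gro contract's code and not part of the original thread. Only the delta formula, the `[0, 3, 0]` result and the 0/1 initialization come from the issue; the loop structure, the derived middle index, the 10,000 percentage scale and the sample balances are assumptions.

```python
N_COINS = 3
PERCENTAGE_DECIMAL_FACTOR = 10_000  # assumed scale (10_000 == 100%)


def deltas(total, assets, target_percents):
    # Delta formula quoted in the thread, with Python ints standing in for int256.
    return [a - total * p // PERCENTAGE_DECIMAL_FACTOR
            for a, p in zip(assets, target_percents)]


def sort_vaults_by_delta(big_first, total, assets, target_percents,
                         max_index=0, min_index=0):
    """Assumed model: both indexes keep their initial value unless some delta
    is strictly positive (max) or strictly negative (min)."""
    max_delta = min_delta = 0
    for i, d in enumerate(deltas(total, assets, target_percents)):
        if d > max_delta:
            max_delta, max_index = d, i
        elif d < min_delta:
            min_delta, min_index = d, i
    first, last = (max_index, min_index) if big_first else (min_index, max_index)
    # Assumed: the middle slot is derived from the other two, so equal indexes break it.
    return [first, N_COINS - max_index - min_index, last]


def is_valid(indexes):
    # A usable ordering names each of the vaults 0..N_COINS-1 exactly once.
    return sorted(indexes) == list(range(N_COINS))


# Constructed sample data: targets of 30/30/40% and a total of 1000 units.
TARGETS = [3000, 3000, 4000]
BALANCED = [300, 300, 400]   # every delta is 0
SKEWED = [500, 300, 200]     # deltas are +200, 0, -200

if __name__ == "__main__":
    for name, assets in (("balanced", BALANCED), ("skewed", SKEWED)):
        default = sort_vaults_by_delta(True, 1000, assets, TARGETS)
        fixed = sort_vaults_by_delta(True, 1000, assets, TARGETS, 0, 1)
        print(name, default, is_valid(default), fixed, is_valid(fixed))
```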