kitty-the-kat
commented
3 years ago We haven't been able to model an exploit for this
Open code423n4 opened 3 years ago
kitty-the-kat
commented
3 years ago We haven't been able to model an exploit for this
Handle
0xRajeev
Vulnerability details
Impact
Token amounts/prices are typically open-ranged and inclusive of the bounds. Using ‘<‘ or ‘>’ instead of ‘<=‘ and ‘>=‘ may affect borderline scenarios, considered unintuitive by users and affect accounting.
Scenario 1: In calculateVaultSwapData(), the require() check is: require(withdrawAmount < state.totalCurrentAssetsUsd, "Withdrawal exceeds system assets"); The ‘<‘ could be replaced by ‘<=‘
Scenario 2: In withdrawSingleByLiquidity(), the require() check is: require(balance > minAmount, "withdrawSingle: !minAmount"); The ‘>’ should be ‘>=‘ as is used in the similar check in withdrawSingleByExchange().
Proof of Concept
https://github.com/code-423n4/2021-06-gro/blob/091660467fc8d13741f8aafcec80f1e8cf129a33/contracts/insurance/Insurance.sol#L429
https://github.com/code-423n4/2021-06-gro/blob/091660467fc8d13741f8aafcec80f1e8cf129a33/contracts/pools/LifeGuard3Pool.sol#L224
https://github.com/code-423n4/2021-06-gro/blob/091660467fc8d13741f8aafcec80f1e8cf129a33/contracts/pools/LifeGuard3Pool.sol#L268
Tools Used
Manual Analysis
Recommended Mitigation Steps
Reconsider strict inequalities and relax them if possible.