code-423n4 / 2021-08-notional-findings

Add buffer, haircut and liquidation discount checks. #26

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

tensors

Vulnerability details

Impact

Incorrect input amounts for these variables can be disastrous for funds in the protocol. Verify using a require statement that buffer >= 100, liquidation multiplier >= 100, and haircut <= 100.

Proof of Concept

https://github.com/code-423n4/2021-08-notional/blob/4b51b0de2b448e4d36809781c097c7bc373312e9/contracts/external/actions/GovernanceAction.sol#L66

Recommendation

Add a require statement.

jeffywu commented 3 years ago

Checks are already applied: https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/actions/GovernanceAction.sol#L381-L386

ghoul-sol commented 3 years ago

Per sponsor comment, invalid.