search

code-423n4 / 2021-09-defiprotocol-findings

1 stars 0 forks source link

Auction multiplier set to zero #242

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

goatbug

Vulnerability details

Impact

function setAuctionMultiplier(uint256 newAuctionMultiplier) public override onlyOwner {
    auctionMultiplier = newAuctionMultiplier;
}

auction multiplier can be set to zero by factory owner. This would stop the auction settling, function would always revert. 

uint256 a = factory.auctionMultiplier() * basket.ibRatio();
    uint256 b = (bondTimestamp - auctionStart) * BASE / factory.auctionDecrement();
    uint256 newRatio = a - b;

causing a safe math error and newRatio to revert.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Recommended Mitigation Steps

frank-beard commented 3 years ago

it is assumed the owner is trustworthy in this version of the protocol, however we will add mitigations and further decentralization in future updates

GalloDaSballo commented 2 years ago

Agree with the finding, because the warden showed a specific "admin privilege" that DOSses the protocol, the finding is valid and of medium severity