Open code423n4 opened 3 years ago
WatchPug
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/8d265aacb905d30bd95dcd54505fb26dc1f9b0b6/contracts/IbbtcVaultZap.sol#L163-L177
```solidity
uint256[4] memory depositAmounts;

for (uint256 i = 0; i < 4; i++) {
    if (_amounts[i] > 0) {
        ASSETS[i].safeTransferFrom(
            msg.sender,
            address(this),
            _amounts[i]
        );
        if (i == 0 || i == 3) {
            // ibbtc and sbtc
            depositAmounts[i] += _amounts[i];
        }
    }
}
```
depositAmounts[i] += _amounts[i] can be changed to depositAmounts[i] = _amounts[i] as depositAmounts[i] == 0.
Agree with the finding
Handle
WatchPug
Vulnerability details
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/8d265aacb905d30bd95dcd54505fb26dc1f9b0b6/contracts/IbbtcVaultZap.sol#L163-L177
depositAmounts[i] += _amounts[i] can be changed to depositAmounts[i] = _amounts[i] as depositAmounts[i] == 0.