redeem may return less than minOut if the wrong token is supplied with poolID=3, because there is no check against minOut in L230-L232.
Proof of Concept
https://github.com/Badger-Finance/ibbtc/blob/d8b95e8d145eb196ba20033267a9ba43a17be02c/contracts/Zap.sol#L216-L238
1) A user mistakenly calls redeem(USDC, 100, 3, 0, 100)
2) The contract takes 100 bBTC from the user and redeems it (L231)
3) The contract calls USDC.balanceOf(address(this)), which returns 0 (L236)
4) The contract sends 0 USDC to the user, despite minOut being set to 100
The redeemed byvWBTC can then be extracted by anyone calling redeem(byvWBTC, 0, 3, 0, 0).
Tools Used
Recommended Mitigation Steps
After L230
require(token==byvWBTC, "INVALID_TOKEN");
or
After L236
require(out>=minOut, "INSUFFICIENT_OUTPUT");
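The following Python ledger model is an added example, not code from the Zap contract: it replays the mistaken call from the proof of concept against the unpatched logic and against each of the two recommended checks. The names ZapModel, Revert and mistaken_call, the 1:1 redemption rate, and the unnamed fourth argument are assumptions made for illustration.

```python
class Revert(Exception):
    """Stands in for a Solidity revert: all state changes are rolled back."""


class ZapModel:
    """Ledger model of the poolID=3 branch of redeem (constructed, 1:1 rate)."""

    def __init__(self, check_token=False, check_min_out=False):
        self.check_token = check_token      # mitigation "After L230"
        self.check_min_out = check_min_out  # mitigation "After L236"
        self.held = {"USDC": 0, "byvWBTC": 0}  # token balances of the contract

    def redeem(self, user, token, amount, pool_id, _unused, min_out):
        if pool_id != 3:
            raise NotImplementedError("only poolID=3 is modelled")
        saved = (dict(self.held), dict(user))
        try:
            if self.check_token and token != "byvWBTC":
                raise Revert("INVALID_TOKEN")
            user["bBTC"] -= amount            # contract takes the bBTC
            self.held["byvWBTC"] += amount    # ...and redeems it to byvWBTC
            out = self.held[token]            # token.balanceOf(address(this))
            if self.check_min_out and out < min_out:
                raise Revert("INSUFFICIENT_OUTPUT")
            self.held[token] = 0              # contract sends `out` to the user
            user[token] = user.get(token, 0) + out
            return out
        except Revert:
            self.held = saved[0]              # roll back contract balances
            user.clear()
            user.update(saved[1])             # roll back the user's balances
            raise


def mistaken_call(**fixes):
    """Replay redeem(USDC, 100, 3, 0, 100) from the proof of concept."""
    zap, user = ZapModel(**fixes), {"bBTC": 100}
    try:
        result = zap.redeem(user, "USDC", 100, 3, 0, 100)
    except Revert as err:
        result = str(err)
    return result, user, zap.held


if __name__ == "__main__":
    for fixes in ({}, {"check_token": True}, {"check_min_out": True}):
        print(fixes or "unpatched", "->", mistaken_call(**fixes))
```

Without either check the user ends with 0 bBTC and 0 USDC while 100 byvWBTC stays in the contract; with either check the call reverts and the user keeps the 100 bBTC.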
Handle
gzeon