code-423n4 / 2021-12-amun-findings


setLock may overwrite any currently active lockBlock #256

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hubble

Vulnerability details

Impact

There is no check in the setLock function of BasketFacet.sol to see if the lock is currently active. It may be possible that the lockBlock is set by a RebalanceManager rebalance command, and then a rebalance command can be given once again before the expiry of the old lockBlock.

This may result in unexpected behaviour during rebalancing.

Proof of Concept

File: BasketFacet.sol, Line: 302

function setLock(uint256 _lock) external override protectedCall {
    LibBasketStorage.basketStorage().lockBlock = _lock;
    emit LockSet(_lock);
}

Tools Used

Manual review

Recommended Mitigation Steps

Check and revert in setLock if the lock is currently active.
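
One way the recommended check could look, as an added example that is not part of the original report or the Amun code base. Assumptions: a lock counts as active while lockBlock >= block.number (the project's own lock-status logic is not shown on this page), and the hypothetical onlyManager modifier, GuardedLockExample contract, LockStillActive error and releaseLock function stand in for the project's access control and are not its API.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration only. All names except setLock, lockBlock and LockSet
// are hypothetical and do not come from BasketFacet.sol.
contract GuardedLockExample {
    uint256 public lockBlock;
    address public immutable manager; // stand-in for the protectedCall modifier

    event LockSet(uint256 _lock);
    error NotManager();
    error LockStillActive(uint256 activeUntil);

    modifier onlyManager() {
        if (msg.sender != manager) revert NotManager();
        _;
    }

    constructor(address _manager) {
        manager = _manager;
    }

    // Assumption: the lock is active up to and including block `lockBlock`.
    function isLockActive() public view returns (bool) {
        return lockBlock >= block.number;
    }

    // Guarded variant: a second call cannot silently replace an unexpired lock.
    function setLock(uint256 _lock) external onlyManager {
        if (isLockActive()) revert LockStillActive(lockBlock);
        lockBlock = _lock;
        emit LockSet(_lock);
    }

    // Ending a lock early becomes a separate, explicit action, so an
    // overwrite can never happen as a side effect of setting a new lock.
    function releaseLock() external onlyManager {
        lockBlock = 0;
        emit LockSet(0);
    }
}
```

With this guard, any caller that relied on calling setLock to clear or shorten a lock has to switch to the explicit release path.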

loki-sama commented 2 years ago

It's intended to be overwritten