code-423n4 / 2021-12-yetifinance-findings


Target pool does not get updated due to receiveCollateral not being called #145

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

csanuragjain

Vulnerability details

Impact

receiveCollateral is not called in sendCollateralsUnwrap, so the target pool does not get updated with the transferred token amount.

Proof of Concept

  1. Navigate to contract at https://github.com/code-423n4/2021-12-yetifinance/blob/main/packages/contracts/contracts/ActivePool.sol

  2. Observe that the sendCollateralsUnwrap function does not call receiveCollateral, so the target collateral is never updated (for reference, see the sendCollaterals function).

Recommended Mitigation Steps

Add the lines below to sendCollateralsUnwrap:

// Notify the receiving pool so its collateral accounting matches the transfer
if (_needsUpdateCollateral(_to)) {
    ICollateralReceiver(_to).receiveCollateral(_tokens, _amounts);
}

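As an added illustration, not code from the Yeti Finance repository or from the finding's author, the contracts below model the pattern the finding describes: a sending pool keeps a per-token balance, a receiving pool keeps its own, and the receiveCollateral callback is the only thing that keeps the receiver's accounting in step with the on-chain transfer. The "before" state of the finding is sendCollateralsUnwrap without its final if-block: tokens move and the sender's balance is debited, but the receiver's trackedBalance never changes. SenderPool, ReceiverPool, IWrappedLike.unwrapFor, recordDeposit and the isAccountingPool whitelist are all assumptions made for this example; the hook is called with the wrapped token list, following the finding's recommendation, and whether a real design should report wrapped or underlying tokens is left open.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Every contract and interface here is a hypothetical
// stand-in for the pattern in the finding; none is the Yeti Finance code.

interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical wrapped-collateral token that unwraps straight to a recipient.
interface IWrappedLike {
    function unwrapFor(address to, uint256 amount) external;
}

interface ICollateralReceiver {
    function receiveCollateral(address[] calldata _tokens, uint256[] calldata _amounts) external;
}

// Receiving pool: its internal accounting only moves when the hook is called,
// so an on-chain token transfer alone leaves trackedBalance stale.
contract ReceiverPool is ICollateralReceiver {
    address public immutable sendingPool;
    mapping(address => uint256) public trackedBalance;

    constructor(address _sendingPool) { sendingPool = _sendingPool; }

    function receiveCollateral(address[] calldata _tokens, uint256[] calldata _amounts) external override {
        require(msg.sender == sendingPool, "ReceiverPool: not the sending pool");
        require(_tokens.length == _amounts.length, "ReceiverPool: length mismatch");
        for (uint256 i = 0; i < _tokens.length; i++) {
            trackedBalance[_tokens[i]] += _amounts[i];
        }
    }
}

contract SenderPool {
    address public immutable owner;
    mapping(address => uint256) public trackedBalance;
    mapping(address => bool) public isAccountingPool; // receivers that track collateral themselves

    modifier onlyOwner() { require(msg.sender == owner, "SenderPool: not owner"); _; }

    constructor() { owner = msg.sender; }

    // Toy stand-in for a deposit path; a real pool would pull the tokens in here.
    function recordDeposit(address _token, uint256 _amount) external onlyOwner {
        trackedBalance[_token] += _amount;
    }

    function setAccountingPool(address _pool, bool _flag) external onlyOwner {
        isAccountingPool[_pool] = _flag;
    }

    function _needsUpdateCollateral(address _to) internal view returns (bool) {
        return isAccountingPool[_to];
    }

    // Plain transfer path: the hook is called, so receiver accounting stays in sync.
    function sendCollaterals(address _to, address[] calldata _tokens, uint256[] calldata _amounts) external onlyOwner {
        _debit(_tokens, _amounts);
        for (uint256 i = 0; i < _tokens.length; i++) {
            require(IERC20Like(_tokens[i]).transfer(_to, _amounts[i]), "SenderPool: transfer failed");
        }
        if (_needsUpdateCollateral(_to)) {
            ICollateralReceiver(_to).receiveCollateral(_tokens, _amounts);
        }
    }

    // Unwrap path. The trailing if-block is exactly what the finding says was
    // missing: without it the receiving pool's trackedBalance never moves.
    function sendCollateralsUnwrap(address _to, address[] calldata _tokens, uint256[] calldata _amounts) external onlyOwner {
        _debit(_tokens, _amounts);
        for (uint256 i = 0; i < _tokens.length; i++) {
            IWrappedLike(_tokens[i]).unwrapFor(_to, _amounts[i]);
        }
        if (_needsUpdateCollateral(_to)) {
            ICollateralReceiver(_to).receiveCollateral(_tokens, _amounts);
        }
    }

    // Shared bookkeeping: validate lengths and debit the sender's own accounting.
    function _debit(address[] calldata _tokens, uint256[] calldata _amounts) internal {
        require(_tokens.length == _amounts.length, "SenderPool: length mismatch");
        for (uint256 i = 0; i < _tokens.length; i++) {
            require(trackedBalance[_tokens[i]] >= _amounts[i], "SenderPool: insufficient balance");
            trackedBalance[_tokens[i]] -= _amounts[i];
        }
    }
}
```

A cheap invariant check for a test suite built on this model: after any inter-pool move, the sum of trackedBalance across sender and receiver for a given token should equal the sum before the move. That check passes for sendCollaterals and for sendCollateralsUnwrap as written, and fails as soon as the hook call is removed from the unwrap path, which is the drift the finding points at.
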
kingyetifinance commented 2 years ago

@LilYeti: True, but this function is never called to transfer and unwrap between pools. That is because only the wrapped version of the collateral is whitelisted.

alcueca commented 2 years ago

Downgraded to low severity since there isn't an actual error in the code, but there could be through future implementations that are not aware of this particularity.