code-423n4 / 2022-02-tribe-turbo-findings

Unchecked `feiAmount` range #10

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-tribe-turbo/blob/66f27fe51083f49f7935e3fe594ab2380b75dee8/src/modules/TurboBooster.sol#L104

Vulnerability details

Impact

The boost value could be unsafe.

Proof of Concept

The variable `feiAmount` is not used during the logic of the method `canSafeBoostVault`. According to the comment:

> The amount of Fei asset to check the Safe is authorized boost the Vault with.

So this argument must be checked in order to ensure the expected logic.

Recommended Mitigation Steps

Check that the value is in the expected range.

Joeysantoro commented 2 years ago

https://github.com/code-423n4/2022-02-tribe-turbo-findings/issues/5

GalloDaSballo commented 2 years ago

Per the discussion on #5, not an exploit