Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-02-tribe-turbo/blob/66f27fe51083f49f7935e3fe594ab2380b75dee8/src/modules/TurboBooster.sol#L104
BoosValue could be not safe.
The variable feiAmount is not used during the logic of the method canSafeBoostVault. According to the comment:
canSafeBoostVault
The amount of Fei asset to check the Safe is authorized boost the Vault with.
So this argument must be checked in order to ensure the expected logic.
Check that the value is in the expected range.
https://github.com/code-423n4/2022-02-tribe-turbo-findings/issues/5
Per the discussion on #5, not an exploit
Lines of code
https://github.com/code-423n4/2022-02-tribe-turbo/blob/66f27fe51083f49f7935e3fe594ab2380b75dee8/src/modules/TurboBooster.sol#L104
Vulnerability details
Impact
BoosValue could be not safe.
Proof of Concept
The variable feiAmount is not used during the logic of the method
canSafeBoostVault
. According to the comment:So this argument must be checked in order to ensure the expected logic.
Recommended Mitigation Steps
Check that the value is in the expected range.