code-423n4 / 2022-02-tribe-turbo-findings


Slurp misses boost cap checks #11

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/TurboMaster.sol#L279

Vulnerability details

Impact

Missing checks of canSafeBoostVault in onSafeSlurp function in TurboMaster.sol#L279. The current vault deposit could already be at BoostCap. Calling slurp on this vault would add interest on the getTotalFeiBoostedForVault[V], which will now become > BoostCap.

Proof of Concept

  1. Observe that onSafeSlurp function in TurboMaster.sol#L279 is missing any call to canSafeBoostVault to see if current value+interest > cap

Recommended Mitigation Steps

Make a call to canSafeBoostVault in onSafeSlurp function and if boosting cap is bypassed then call onSafeLess with the excess amount
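The accounting gap this report describes and its recommended mitigation, shown as an added illustration that is not part of the original issue and is not the Tribe Turbo code. It is a simplified Python model: the class, the cap value, the interest amount and the rule that slurp adds interest to the vault total are assumptions taken from the report's wording, not from TurboMaster.sol.

```python
# Hypothetical, simplified model of per-vault boost accounting.
# Method names mirror the report; the logic is assumed, not copied from the contract.


class BoostCapExceeded(Exception):
    """Raised when a boost would push the vault total past its cap."""


class MasterModel:
    def __init__(self, boost_cap, check_cap_on_slurp):
        self.boost_cap = boost_cap      # cap for one vault, in Fei units (constructed)
        self.total_boosted = 0          # stands in for getTotalFeiBoostedForVault[V]
        self.lessed = 0                 # Fei unwound through the onSafeLess-style path
        self.check_cap_on_slurp = check_cap_on_slurp

    def can_safe_boost_vault(self, new_total):
        # The cap check the report says the slurp path never consults.
        return new_total <= self.boost_cap

    def on_safe_boost(self, fei_amount):
        new_total = self.total_boosted + fei_amount
        if not self.can_safe_boost_vault(new_total):
            raise BoostCapExceeded(f"{new_total} > cap {self.boost_cap}")
        self.total_boosted = new_total

    def on_safe_less(self, fei_amount):
        self.total_boosted -= fei_amount
        self.lessed += fei_amount

    def on_safe_slurp(self, interest):
        # Per the report: accrued interest is added to the vault total.
        self.total_boosted += interest
        # Recommended mitigation: re-check the cap and unwind only the excess.
        if self.check_cap_on_slurp and not self.can_safe_boost_vault(self.total_boosted):
            self.on_safe_less(self.total_boosted - self.boost_cap)


def run_scenario(check_cap_on_slurp):
    """Boost a vault exactly to its cap, then slurp; return (total, unwound)."""
    m = MasterModel(boost_cap=1_000, check_cap_on_slurp=check_cap_on_slurp)
    m.on_safe_boost(1_000)   # vault now sits exactly at the cap
    m.on_safe_slurp(25)      # constructed interest amount
    return m.total_boosted, m.lessed


if __name__ == "__main__":
    print("without check:", run_scenario(False))
    print("with check:   ", run_scenario(True))
```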

Joeysantoro commented 2 years ago

https://github.com/code-423n4/2022-02-tribe-turbo-findings/issues/9

GalloDaSballo commented 2 years ago

Duplicate of #9 from same Warden, marking as invalid