search

code-423n4 / 2022-04-phuture-findings

0 stars 0 forks source link

Wrong reweight implementation (ManagedIndexReweightingLogic.sol) #30

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/ManagedIndexReweightingLogic.sol#L28 https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/ManagedIndexReweightingLogic.sol#L50 https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/ManagedIndexReweightingLogic.sol#L32 https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/interfaces/IManagedIndexReweightingLogic.sol#L11

Vulnerability details

Impact

The list of assets will be incorrect after reweight()

Proof of Concept

Base on the doc, _updatedAssets[] is the list of asset for the index after reweight. But the implementation just iterates throw all of the _updatedAsset and checks if that weight of asset > 0, it will add it to the asset list. (if weight < 0 it will add that asset to inactiveAsset list). So what if there are some assets that don't appear in _updatedAssets, they won't be removed from assets?

Tools Used

manual review

Recommended Mitigation Steps

Remove all assets before adding new asset

itsmetechjay commented 2 years ago

Withdrawn by warden. Per warden: " I make a mistake, and this report is invalid, pls remove it !!!"