search

code-423n4 / 2022-05-backd-findings

0 stars 0 forks source link

Deposit doesn't initialize WithdrawalMeta #152

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/pool/LiquidityPool.sol#L504-L525

Vulnerability details

Impact

Though LiquidityPool.sol is not in scope, this is related to the PoolMigrationZap.migrate() which performs deposits into new pools. The deposit functionality of LiquidityPool.sol does not set the withdrawalMeta for the depositor, meaning that their withdrawal fees are always 0.

Tools Used

Manual review

Recommended Mitigation Steps

Add a call to _updateUserFeesOnDeposit() in the depositFor() function.

chase-manning commented 2 years ago

_updateUserFeesOnDeposit() is called when transferring LP Tokens. LP Tokens are transferred during a deposit. And so this is indirectly already called during a depositFor()

GalloDaSballo commented 2 years ago

Per the sponsor reply, the finding is invalid