code-423n4 / 2022-06-notional-coop-findings


maxImpliedRate defaults to 0 or type(uint32).max in some functions, resulting in lack of slippage control #61

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L537-L556

Vulnerability details

Impact

In the _redeemInternal function of the wfCashERC4626 contract and the _redeem function of the NotionalTradeModule contract, maxImpliedRate is 0 and type(uint32).max, which means that the maxImpliedRate limit will not work. maxImpliedRate should be configurable to allow the user to control slippage.

Proof of Concept

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L537-L556
https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashERC4626.sol#L225-L241

Tools Used

None

Recommended Mitigation Steps

Let users configure maxImpliedRate
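The pattern the finding describes, shown as an added example that is not code from the Notional or Index Coop repositories: a self-contained, hypothetical Solidity model in which the implied rate of an fCash sale moves with trade size, so a hardcoded bound of `type(uint32).max` (or any constant the caller cannot set) lets the redemption execute at any rate, while a caller-supplied `maxImpliedRate` reverts the transaction once the quoted rate exceeds what the user accepted. The mock market (`baseRate`, `impactPerUnit`, `quoteImpliedRate`) and both `redeem*` entry points are constructed for illustration only; the single thing taken from Notional is the convention that 1e9 represents a 100% annualized rate.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Hypothetical model (not Notional's or Index Coop's code) of an fCash
/// redemption whose execution rate depends on trade size. It contrasts a
/// redemption with a hardcoded slippage bound against one where the caller
/// supplies maxImpliedRate.
contract SlippageControlExample {
    // Notional convention: 1e9 == 100% annualized implied rate.
    uint256 internal constant RATE_PRECISION = 1e9;

    // Constructed mock market state: 5% base rate, and every 1e18 of fCash
    // sold pushes the quoted rate up by 0.1% (linear impact, for illustration).
    uint32 public baseRate = 0.05e9;
    uint32 public impactPerUnit = 0.001e9;

    /// Quote the implied rate at which a sale of `fCashAmount` would execute.
    /// Larger sales are quoted at a higher rate, i.e. the seller receives
    /// less cash per unit of fCash.
    function quoteImpliedRate(uint256 fCashAmount) public view returns (uint32) {
        uint256 rate = uint256(baseRate) + (fCashAmount / 1e18) * uint256(impactPerUnit);
        require(rate <= type(uint32).max, "rate overflow");
        return uint32(rate);
    }

    /// "Before" pattern: the bound is hardcoded to type(uint32).max, so the
    /// require in _redeem can never fail and the trade executes at whatever
    /// rate the market happens to give (no slippage control).
    function redeemNoSlippageControl(uint256 fCashAmount)
        external
        view
        returns (uint32 executedRate)
    {
        return _redeem(fCashAmount, type(uint32).max);
    }

    /// "After" pattern: the caller states the worst implied rate they accept.
    /// If the pool state moved between quoting and execution (or the trade is
    /// large enough to move it), the transaction reverts instead of filling
    /// at a bad rate.
    function redeemWithSlippageControl(uint256 fCashAmount, uint32 maxImpliedRate)
        external
        view
        returns (uint32 executedRate)
    {
        return _redeem(fCashAmount, maxImpliedRate);
    }

    function _redeem(uint256 fCashAmount, uint32 maxImpliedRate)
        internal
        view
        returns (uint32 executedRate)
    {
        executedRate = quoteImpliedRate(fCashAmount);
        // Selling fCash: a higher implied rate means less cash received, so
        // the user's protection is an upper bound on the rate.
        require(executedRate <= maxImpliedRate, "slippage: implied rate above max");
    }
}
```

With the constructed numbers above, a 10e18 sale is quoted at 6% (0.06e9) and a 100e18 sale at 15% (0.15e9); `redeemNoSlippageControl` returns both, whereas `redeemWithSlippageControl(100e18, 0.07e9)` reverts and `redeemWithSlippageControl(10e18, 0.07e9)` succeeds. The bound belongs in the external interface (and should be passed through unchanged by any wrapper or module that calls the wrapper) rather than being filled in with 0 or `type(uint32).max` on the user's behalf.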

ckoopmann commented 2 years ago

Duplicate of: https://github.com/code-423n4/2022-06-notional-coop-findings/issues/37