search

code-423n4 / 2022-10-inverse-findings

0 stars 0 forks source link

Rug Vector draining DOLA token #576

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L203-L206

Vulnerability details

Impact

Market.sol contract contains a rug vector in plain sight, the recall() function. If Market.sol contract's DOLA token is being drained by lender, then any of borrow or replenish function will reverted because no DOLA token exist.

Even though this is not likely happen (the process of draining DOLA token from Market contract, since it need the lender to be compromised or bad behaviour of lender address), but the power of lender is big enough to stop the contract functionalities.

Proof of Concept

File: Market.sol
203:     function recall(uint amount) public {
204:         require(msg.sender == lender, "Only lender can recall");
205:         dola.transfer(msg.sender, amount);
206:     }

Tools Used

Manual analysis

Recommended Mitigation Steps

Maybe better accounting of token allocation, for example create variables to store how many can recall

c4-judge commented 1 year ago

0xean marked the issue as duplicate

Simon-Busch commented 1 year ago

Issue marked as satisfactory as requested by 0xean

c4-judge commented 1 year ago

Simon-Busch marked the issue as duplicate of #301