search

code-423n4 / 2022-11-size-findings

1 stars 0 forks source link

Protocol won’t work with rebasing tokens #300

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-11-size/blob/fec5a6148e9c08518465a04c08f1f3e9908eb5a8/src/SizeSealed.sol#L55

Vulnerability details

Proof of Concept

Some tokens may make arbitrary balance modifications outside of transfers (e.g. Ampleforth style rebasing tokens, Compound style airdrops of governance tokens, mintable / burnable tokens). If such a token as used, since in the protocol we cache the auction total amount and bid quote amounts, if later the token balances are rebased it can result in leftover tokens stuck in contract or in the worst case in a DoS by a revert, since there will be less balance than what was cached.

Impact

The impact is potentially a loss of value or a permanent revert in the protocol when using a rebasing token

Recommendation

Add a whitelist to allow only a set of tokens, not rebasing ones, or add it to the project docs

c4-judge commented 2 years ago

0xean marked the issue as duplicate

c4-judge commented 1 year ago

0xean marked the issue as satisfactory