Closed code423n4 closed 1 year ago
Would have benefited by a coded POC
[dispute validity]
When balanceDelta > 0
, it's never adjusted, it's the case only when balanceDelta < 0
, so it's safe to _increaseTotalBalance
at the beginning. It also has the benefit that when calling Drips._setDrips
it's guaranteed that the total balance will never bee too high, so _setDrips
can make assumptions about overflows safety.
CodeSandwich marked the issue as sponsor disputed
Disputing per Sponsor's reasoning + ERC777 / odd ERC20 are OOS per Readme
GalloDaSballo marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/DripsHub.sol#L510-L538
Vulnerability details
Impact
Detailed description of the impact of this finding. The
setDrips()
function gives the wrong accounting of the total balance of ERC20 tokens.Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
The
setDrips()
function gives the wrong accounting of the total balance of ERC20 tokens because:1) it first updates the total balance based on the user's expected
balanceDelta
. No tokens were sent to the contract when the following updates occur.2) After the
realBalanceDelta
is calculated, the previous increase is not reversed either, especially whenrealBalanceDelta > 0
, this is important whenrealBalanceDelta != balanceDelta
.3) in summary the accounting is not correct. WE need to account based on the real ERC20 token transfers.
Tools Used
Remix
Recommended Mitigation Steps
We account for the total balance of ERC20 based on the real transfer transactions.