code-423n4 / 2023-01-numoen-findings


No check that amounts are less than reserves #280

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Pair.sol#L116

Vulnerability details

Impact

There is no check that the amount for the flashloan is actually available in the contract. It is checked that it is > 0, but not that it is less than the reserves. Eventually, the function will revert because the funds are not there and the funds are not in the contract, but it should be checked. Attackers could also borrow funds that are in the contract directly without being accounted for in the reserves, but, this being a flash loan, no losses will happen.

Tools Used

manual

Recommended Mitigation Steps

The protocol should follow the Uniswap implementation and check that the funds for the flashloan are indeed in the contract as reserves:

require(amount0Out < _reserve0 && amount1Out < _reserve1, 'INSUFFICIENT_LIQUIDITY');

berndartmueller commented 1 year ago

It will revert if amount0Out is larger than the available reserve in https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Pair.sol#L122. Hence no explicit check needed.

c4-judge commented 1 year ago

berndartmueller marked the issue as unsatisfactory: Invalid
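To make the thread's point concrete, here is an added sketch (not Numoen's Pair.sol and not code from any commenter) of a pair whose swap can run with or without the explicit reserve check. It assumes a constant-product invariant and Solidity 0.8 checked arithmetic; the contract, interfaces, `explicitCheck` flag and error names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added sketch; NOT Numoen's Pair.sol. Every name here is hypothetical.
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface ISwapCallee {
    function onSwap(uint256 amount0Out, uint256 amount1Out, bytes calldata data) external;
}

contract ReserveCheckSketch {
    error InsufficientOutput();
    error InsufficientLiquidity();
    error InvariantViolated();

    IERC20Like public immutable token0;
    IERC20Like public immutable token1;
    uint256 public reserve0; // accounted liquidity; can be lower than the token balance
    uint256 public reserve1;

    constructor(IERC20Like t0, IERC20Like t1) { token0 = t0; token1 = t1; }

    function sync() external {
        reserve0 = token0.balanceOf(address(this));
        reserve1 = token1.balanceOf(address(this));
    }

    // Sketch only: a real pair also needs a reentrancy lock around the callback.
    function swap(address to, uint256 amount0Out, uint256 amount1Out, bool explicitCheck, bytes calldata data) external {
        if (amount0Out == 0 && amount1Out == 0) revert InsufficientOutput();
        // Variant A: the explicit guard the report recommends (strict <, Uniswap V2 style).
        if (explicitCheck && (amount0Out >= reserve0 || amount1Out >= reserve1)) revert InsufficientLiquidity();
        if (amount0Out > 0) require(token0.transfer(to, amount0Out), "T0");
        if (amount1Out > 0) require(token1.transfer(to, amount1Out), "T1");
        uint256 bal0 = token0.balanceOf(address(this));
        uint256 bal1 = token1.balanceOf(address(this));
        ISwapCallee(to).onSwap(amount0Out, amount1Out, data);
        // Variant B: the implicit guard. `reserve - amountOut` is evaluated first and,
        // under checked arithmetic, reverts with Panic(0x11) if amountOut > reserve.
        uint256 new0 = reserve0 - amount0Out + (token0.balanceOf(address(this)) - bal0);
        uint256 new1 = reserve1 - amount1Out + (token1.balanceOf(address(this)) - bal1);
        if (new0 * new1 < reserve0 * reserve1) revert InvariantViolated();
        (reserve0, reserve1) = (new0, new1);
    }
}
```

With `explicitCheck` set to false, an `amount0Out` above `reserve0` still reverts at the subtraction; with it set to true, the call reverts earlier with `InsufficientLiquidity`, so the explicit check changes where and with which error the call fails, not whether it fails.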