search

code-423n4 / 2023-02-kuma-findings

2 stars 1 forks source link

KUMAFeeCollector - duplicate payee can be added #34

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-02-kuma/blob/main/src/kuma-protocol/KUMAFeeCollector.sol#L152

Vulnerability details

Impact

In KUMAFeeCollector contract, the addPayee validates that an already present payee cannot be added again to the _payees set.

    function addPayee(address payee, uint256 share) external override onlyManager {
        if (_payees.contains(payee)) {
            revert Errors.PAYEE_ALREADY_EXISTS();
        }
        // ...
    }

However a similar check is not present in the changePayees function. https://github.com/code-423n4/2023-02-kuma/blob/main/src/kuma-protocol/KUMAFeeCollector.sol#L152

So a single payee can be added multiple times to the _payees set using the changePayees function.

Proof of Concept

Consider this scenario:

The final payees list looks like this:

Tools Used

Manual review

Recommended Mitigation Steps

Consider adding a check in changePayees function also which prevent addition of duplicate payee entries.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #13

GalloDaSballo commented 1 year ago

Awarding 50% due to lack of detail in terms what goes wrong vs primary

c4-judge commented 1 year ago

GalloDaSballo marked the issue as partial-50

akshaysrivastav commented 1 year ago

Hey @GalloDaSballo I think this report also mentions all the necessary technical details as menttioned in #13. Just that, I intended the report to be precise and small.

As you can see, the example scenario above shows the exact _totalShares and individual shares values.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as full credit

GalloDaSballo commented 1 year ago

After re-reading, I agree that the finding shows the issue with accounting, restoring full credit

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory