Closed code423n4 closed 1 year ago
GalloDaSballo marked the issue as duplicate of #13
Awarding 50% due to lack of detail in terms of what goes wrong vs primary
GalloDaSballo marked the issue as partial-50
Hey @GalloDaSballo I think this report also mentions all the necessary technical details as mentioned in #13. Just that, I intended the report to be precise and small.
As you can see, the example scenario above shows the exact _totalShares and individual shares values.
GalloDaSballo marked the issue as full credit
After re-reading, I agree that the finding shows the issue with accounting, restoring full credit
GalloDaSballo marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-02-kuma/blob/main/src/kuma-protocol/KUMAFeeCollector.sol#L152
Vulnerability details
Impact
In KUMAFeeCollector contract, the addPayee validates that an already present payee cannot be added again to the _payees set. However a similar check is not present in the changePayees function.
https://github.com/code-423n4/2023-02-kuma/blob/main/src/kuma-protocol/KUMAFeeCollector.sol#L152
So a single payee can be added multiple times to the _payees set using the changePayees function.
Proof of Concept
Consider this scenario:
addPayee function each account can be added only once.
changePayees function, Account1 can be added twice to the _payees set.
The final payees list looks like this:
Tools Used
Manual review
Recommended Mitigation Steps
Consider adding a check in changePayees function also which prevents addition of duplicate payee entries.
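A minimal Solidity sketch of the recommended check, added here as an illustration and not taken from the KUMA code base or the original report. The contract name, the error names, the two `changePayees*` variants and the storage model (one share per address, `_totalShares` incremented once per array entry) are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified sketch, not the KUMAFeeCollector source. Assumed model: one share
// per address, _totalShares incremented once per array entry. Access control omitted.
contract PayeeRegistrySketch {
    error PayeeAlreadyExists(address payee);
    error InvalidEntry();

    address[] private _payees;
    mapping(address => uint256) private _shares;
    uint256 private _totalShares;

    // Unchecked: a repeated address overwrites its share but is counted twice,
    // e.g. [A, A] with shares [50, 30] leaves shareOf(A) == 30, totalShares() == 80.
    function changePayeesUnchecked(address[] calldata payees, uint256[] calldata shares) external {
        _reset(payees.length, shares.length);
        for (uint256 i = 0; i < payees.length; i++) {
            _payees.push(payees[i]);
            _shares[payees[i]] = shares[i];
            _totalShares += shares[i];
        }
    }

    // Checked: the rule addPayee enforces, applied to every entry of the batch.
    function changePayeesChecked(address[] calldata payees, uint256[] calldata shares) external {
        _reset(payees.length, shares.length);
        for (uint256 i = 0; i < payees.length; i++) {
            if (payees[i] == address(0) || shares[i] == 0) revert InvalidEntry();
            // A non-zero stored share means this address already appeared in the batch.
            if (_shares[payees[i]] != 0) revert PayeeAlreadyExists(payees[i]);
            _payees.push(payees[i]);
            _shares[payees[i]] = shares[i];
            _totalShares += shares[i];
        }
    }

    // Clears the previous payee list before a replacement batch is stored.
    function _reset(uint256 payeeCount, uint256 shareCount) private {
        if (payeeCount != shareCount) revert InvalidEntry();
        for (uint256 i = _payees.length; i > 0; i--) {
            delete _shares[_payees[i - 1]];
            _payees.pop();
        }
        _totalShares = 0;
    }

    function shareOf(address payee) external view returns (uint256) { return _shares[payee]; }
    function totalShares() external view returns (uint256) { return _totalShares; }
}
```

A unit or invariant test can assert that the sum of `shareOf` over the distinct payees equals `totalShares()` after every call; in this sketch the unchecked variant breaks that equality for a batch with a repeated address, while the checked variant reverts instead.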