If SwingTraderManager.swingTraders() contains duplicate traderContracts, several functions like buyMalt() and sellMalt() wouldn't work as expected as they work according to traders' balances.
Proof of Concept
During the swing trader addition, there is no validation that each trader should have a unique traderContract.
So the same traderContract might have 2 or more traderIds.
When we check buyMalt() as an example, it distributes the ratio according to the trader balance and it wouldn't work properly if one trader contract is counted twice and receives more shares that it can't manage.
Similarly, other functions wouldn't work as expected and return the wrong result.
Tools Used
Manual Review
Recommended Mitigation Steps
Recommend adding a new mapping like activeTraderContracts to check if the contract is added already or not.
Then we can check the trader contract is added only once.
Lines of code
https://github.com/code-423n4/2023-02-malt/blob/main/contracts/StabilityPod/SwingTraderManager.sol#L36
Vulnerability details
Impact
If
SwingTraderManager.swingTraders()
contains duplicatetraderContract
s, several functions likebuyMalt()
andsellMalt()
wouldn't work as expected as they work according to traders' balances.Proof of Concept
During the swing trader addition, there is no validation that each trader should have a unique
traderContract
.So the same
traderContract
might have 2 or moretraderId
s.When we check
buyMalt()
as an example, it distributes the ratio according to the trader balance and it wouldn't work properly if one trader contract is counted twice and receives more shares that it can't manage.Similarly, other functions wouldn't work as expected and return the wrong result.
Tools Used
Manual Review
Recommended Mitigation Steps
Recommend adding a new mapping like
activeTraderContracts
to check if the contract is added already or not.Then we can check the trader contract is added only once.