code-423n4 / 2023-03-kuma-mitigation-contest-findings

Mitigation Confirmed for H-01 #18

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Mitigation of H-01: Fully Alleviated

The sponsor implemented the recommended course of action to address this exhibit, introducing a require check that prevents a KIBToken::_transfer operation when the from and to arguments are the same. A snippet of the contract with the remediated code showcased can be found below:

/**
 * @dev See {ERC20-_transfer}.
 */
function _transfer(address from, address to, uint256 amount) internal override {
    if (from == address(0)) {
        revert Errors.ERC20_TRANSFER_FROM_THE_ZERO_ADDRESS();
    }
    if (to == address(0)) {
        revert Errors.ERC20_TRANSER_TO_THE_ZERO_ADDRESS();
    }

    /** 
     * MITIGATION BLOCK OF H-01 START
     */

    if (to == from) {
        revert Errors.CANNOT_TRANSFER_TO_SELF();
    }

    /** 
     * MITIGATION BLOCK OF H-01 END
     */

    _refreshCumulativeYield();
    _refreshYield();

    uint256 startingFromBalance = this.balanceOf(from);
    if (startingFromBalance < amount) {
        revert Errors.ERC20_TRANSFER_AMOUNT_EXCEEDS_BALANCE();
    }
    uint256 newFromBalance = startingFromBalance - amount;
    uint256 newToBalance = this.balanceOf(to) + amount;
    uint256 previousEpochCumulativeYield_ = _previousEpochCumulativeYield;
    uint256 newFromBaseBalance = WadRayMath.wadToRay(newFromBalance).rayDiv(previousEpochCumulativeYield_);
    uint256 newToBaseBalance = WadRayMath.wadToRay(newToBalance).rayDiv(previousEpochCumulativeYield_);
    if (amount > 0) {
        _totalBaseSupply -= (_baseBalances[from] - newFromBaseBalance);
        _totalBaseSupply += (newToBaseBalance - _baseBalances[to]);
        _baseBalances[from] = newFromBaseBalance;
        _baseBalances[to] = newToBaseBalance;
    }
    emit Transfer(from, to, amount);
}

As such, it is no longer possible to artificially increment one's balances by performing a transfer to themselves. An accompanying test was introduced to the codebase's KIBToken.transfer.t.sol file that ensures the correct CANNOT_TRANSFER_TO_SELF error is yielded whenever a self-transfer is attempted.
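The accounting behind H-01 and its mitigation can be reproduced in a small Python model; this is an added example, not code from the KUMA repository or from the comment above. `ModelToken`, its `reject_self_transfer` flag, the fixed cumulative yield and the simplified `balance_of` rounding are assumptions made for illustration.

```python
RAY = 10**27
WAD_TO_RAY = 10**9  # wad (1e18) to ray (1e27) scaling factor

def ray_div(a, b):
    return (a * RAY + b // 2) // b  # half-up rounding (assumed)

def ray_mul(a, b):
    return (a * b + RAY // 2) // RAY

class ModelToken:
    """Simplified model of the base-balance bookkeeping in _transfer (hypothetical)."""

    def __init__(self, cumulative_yield=RAY, reject_self_transfer=True):
        self.cumulative_yield = cumulative_yield
        self.reject_self_transfer = reject_self_transfer  # True models the mitigation
        self.base = {}       # models _baseBalances
        self.total_base = 0  # models _totalBaseSupply

    def balance_of(self, who):
        return ray_mul(self.base.get(who, 0), self.cumulative_yield) // WAD_TO_RAY

    def mint(self, who, amount):
        added = ray_div(amount * WAD_TO_RAY, self.cumulative_yield)
        self.base[who] = self.base.get(who, 0) + added
        self.total_base += added

    def transfer(self, frm, to, amount):
        if self.reject_self_transfer and frm == to:
            raise ValueError("CANNOT_TRANSFER_TO_SELF")
        start = self.balance_of(frm)
        if start < amount:
            raise ValueError("ERC20_TRANSFER_AMOUNT_EXCEEDS_BALANCE")
        # Both new balances are derived from the pre-transfer state ...
        new_from = ray_div((start - amount) * WAD_TO_RAY, self.cumulative_yield)
        new_to = ray_div((self.balance_of(to) + amount) * WAD_TO_RAY,
                         self.cumulative_yield)
        if amount > 0:
            self.total_base -= self.base.get(frm, 0) - new_from
            self.total_base += new_to - self.base.get(to, 0)
            # ... so when frm == to the second write overwrites the debit.
            self.base[frm] = new_from
            self.base[to] = new_to

    def supply_invariant_holds(self):
        # The sum of all base balances must always equal the total base supply.
        return sum(self.base.values()) == self.total_base
```

Calling `supply_invariant_holds()` after every state-changing operation is the kind of invariant a fuzz or property test can assert to catch this class of aliasing bug, independent of the specific revert check.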

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory