code-423n4 / 2023-05-juicebox-findings


Failure to check reservedRate can lead to a decrease in assets #213

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-juicebox/blob/main/juice-buyback/contracts/JBXBuybackDelegate.sol#L159

https://github.com/code-423n4/2023-05-juicebox/blob/main/juice-buyback/contracts/JBXBuybackDelegate.sol#L279

Vulnerability details

Impact

The payParams() function takes the _data parameter, which contains the reservedRate. If reservedRate exceeds MAX_RESERVED_RATE, then this causes _nonReservedToken to be incremented. This results in a decrease in assets and a larger mint.

Proof of Concept

JBConstants.MAX_RESERVED_RATE = 10000;

_nonReservedToken = PRBMath.mulDiv(_amountReceived, 10000 - _reservedRate, 10000);

If _reservedRate > 10000 -> _nonReservedToken = 0

controller.mintTokensOf(..) uses _useReservedRate: true

Tools Used

Manual Review / VSCode

Recommended Mitigation Steps

Check the parameter in the payParams() function:

require(_data.reservedRate<MAX_RESERVED_RATE)

Assessed type

Invalid Validation
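An added example, not part of the original report or the Juicebox code base: a Python model of the calculation quoted in the Proof of Concept, showing what it returns for in-range and out-of-range rates under checked and wrapping uint256 subtraction, with and without a bounds check. The function names, the `Revert` class, the modelled `mul_div` behaviour and the choice to accept a rate equal to the maximum are assumptions.

```python
# Added illustration: models uint256 arithmetic; not code from JBXBuybackDelegate.sol.
MAX_RESERVED_RATE = 10_000          # value quoted in the report
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Stands in for an EVM revert (hypothetical helper)."""


def checked_sub(a: int, b: int) -> int:
    # Checked subtraction: reverts on underflow (default in Solidity >= 0.8).
    if b > a:
        raise Revert("arithmetic underflow")
    return a - b


def wrapping_sub(a: int, b: int) -> int:
    # Wrapping subtraction: an `unchecked` block or a pre-0.8 compiler.
    return (a - b) % 2**256


def mul_div(x: int, y: int, denominator: int) -> int:
    # floor(x * y / denominator) with a full-precision intermediate;
    # modelled as reverting when the result does not fit in uint256.
    if denominator == 0:
        raise Revert("division by zero")
    result = (x * y) // denominator
    if result > UINT256_MAX:
        raise Revert("mulDiv overflow")
    return result


def non_reserved_tokens(amount_received, reserved_rate, *, validate=True, checked=True):
    # Bounds check (assumption: a rate equal to the maximum is valid).
    if validate and reserved_rate > MAX_RESERVED_RATE:
        raise Revert("reservedRate exceeds MAX_RESERVED_RATE")
    sub = checked_sub if checked else wrapping_sub
    return mul_div(amount_received, sub(MAX_RESERVED_RATE, reserved_rate), MAX_RESERVED_RATE)


def outcome(amount_received, reserved_rate, **kw):
    # Returns the token amount, or a string describing the revert.
    try:
        return non_reserved_tokens(amount_received, reserved_rate, **kw)
    except Revert as exc:
        return f"revert: {exc}"
```

Which branch applies to the real contract depends on its compiler version and on whether the subtraction sits in an `unchecked` block, neither of which is stated on this page.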

dmvt commented 1 year ago

spam / overinflated

c4-pre-sort commented 1 year ago

dmvt marked the issue as low quality report

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Overinflated severity