Lines of code
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/BranchPort.sol#L342-L346
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/BranchPort.sol#L331-L339
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/BranchPort.sol#L149-L151
Vulnerability details
Impact
BranchPort.toggleStrategyToken may be called on a token not registered as a strategy token effectively registering it without setting a getMinimumTokenReserveRatio. In such a case _minimumReserves will always return a value smaller than the current balance which in turn will make _minimumReserves always return some reserves available while _reservesLacking always return 0.
Tools Used
Pen and paper
Recommended Mitigation Steps
Add check to BranchPort.toggleStrategyToken
Assessed type
Other
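The toggle described under Impact, next to a version carrying the recommended check, as an added example that is not the Maia BranchPort source. The reserve formula, RATIO_DENOMINATOR, heldBalance, addStrategyToken, the error name and the split into two toggle functions are assumptions made for illustration; access control is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model for illustration only, not the project's contract.
contract StrategyTokenModel {
    uint256 internal constant RATIO_DENOMINATOR = 10_000; // assumed ratio basis

    mapping(address => bool) public isStrategyToken;
    mapping(address => uint256) public getMinimumTokenReserveRatio;
    mapping(address => uint256) public heldBalance; // stands in for the port's token balance

    error UnregisteredStrategyToken();

    // Proper registration path (hypothetical): the flag and the ratio are set together.
    function addStrategyToken(address token, uint256 ratio) external {
        require(ratio > 0 && ratio <= RATIO_DENOMINATOR, "invalid ratio");
        isStrategyToken[token] = true;
        getMinimumTokenReserveRatio[token] = ratio;
    }

    function setHeldBalance(address token, uint256 amount) external {
        heldBalance[token] = amount;
    }

    // Behaviour described in the finding: the flag flips for any address,
    // so a never-registered token becomes a strategy token with ratio 0.
    function toggleStrategyTokenUnchecked(address token) external {
        isStrategyToken[token] = !isStrategyToken[token];
    }

    // Hardened form: a token without a reserve ratio cannot be toggled on or off.
    function toggleStrategyTokenChecked(address token) external {
        if (getMinimumTokenReserveRatio[token] == 0) revert UnregisteredStrategyToken();
        isStrategyToken[token] = !isStrategyToken[token];
    }

    // With ratio 0 this is 0 for every balance (assumed formula).
    function minimumReserves(address token) public view returns (uint256) {
        return (heldBalance[token] * getMinimumTokenReserveRatio[token]) / RATIO_DENOMINATOR;
    }

    // With ratio 0 the minimum is 0, so nothing is ever reported as lacking.
    function reservesLacking(address token) public view returns (uint256) {
        uint256 min = minimumReserves(token);
        return heldBalance[token] < min ? min - heldBalance[token] : 0;
    }
}
```

Calling toggleStrategyTokenUnchecked on an address that never went through addStrategyToken leaves isStrategyToken true while minimumReserves and reservesLacking both return 0; toggleStrategyTokenChecked reverts on the same input.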