Lines of code
https://github.com/code-423n4/2023-05-venus/blob/8be784ed9752b80e6f1b8b781e2e6251748d0d7e/contracts/VToken.sol#L825
Vulnerability details
Users can redeem their vToken against underlying by calling redeem. The logic in _redeemFresh to compute that amount is:
The issue is that this will be equal to 0 if exchangeRateStored()*redeemTokensIn < 1e18.
Impact
In this case, the problem is that the code will not revert. The only check is that redeemAmount is not zero if redeemTokens is 0, but not the other way around:
This will only happen for dust amounts of VTokens.
The issue is that exchangeRate is dynamic, and cannot be fully predicted, which means a redeem() call may lead to a lower underlying amount than expected.
Tools Used
Manual Analysis
Recommended Mitigation Steps
Assessed type
Math
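The truncation described in this report, as an added Python model that is not code from the report or from the Venus contracts. It assumes the redeem amount is exchangeRate * redeemTokensIn divided by 1e18 with integer truncation, as the 1e18 bound above implies; the function names, the sample rate and the guard are hypothetical.

```python
# Added illustration: models 1e18-scaled fixed-point math with Python ints.
EXP_SCALE = 10**18  # mantissa scale, matching the 1e18 bound in the report


class ZeroRedeemAmount(Exception):
    """Raised by the guarded variant when vTokens would be burned for nothing."""


def redeem_amount(exchange_rate_mantissa: int, redeem_tokens_in: int) -> int:
    """Underlying owed for redeem_tokens_in, truncated as integer division does."""
    return exchange_rate_mantissa * redeem_tokens_in // EXP_SCALE


def min_nonzero_redeem(exchange_rate_mantissa: int) -> int:
    """Smallest vToken amount whose redeem amount does not truncate to 0."""
    return -(-EXP_SCALE // exchange_rate_mantissa)  # ceil(1e18 / rate)


def guarded_redeem_amount(exchange_rate_mantissa: int, redeem_tokens_in: int) -> int:
    """Hypothetical check: refuse a non-zero burn that pays out zero underlying."""
    amount = redeem_amount(exchange_rate_mantissa, redeem_tokens_in)
    if redeem_tokens_in > 0 and amount == 0:
        raise ZeroRedeemAmount(
            f"{redeem_tokens_in} vTokens redeem to 0 underlying; "
            f"minimum is {min_nonzero_redeem(exchange_rate_mantissa)}"
        )
    return amount


# Constructed rate: 0.0002 underlying units per vToken unit, scaled by 1e18.
SAMPLE_RATE = 2 * 10**14

if __name__ == "__main__":
    for tokens in (1, 4_999, 5_000, 12_345):
        print(tokens, "->", redeem_amount(SAMPLE_RATE, tokens))
    print("dust threshold:", min_nonzero_redeem(SAMPLE_RATE))
```

Because the threshold depends on the rate at execution time, the same vToken amount can sit on either side of it from one block to the next.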