Open code423n4 opened 1 year ago
vaporkane marked the issue as disagree with severity
vaporkane marked the issue as sponsor confirmed
This is a valid issue however it does not have any meaningful impact on users of the protocol.
For the edge case that is missing, a booster is shutdown but not a specific pool the call to booster.deposit()
will revert. The revert prevents funds incorrectly being transferred to the shutdown pool and prevents any meaningful attacks.
Therefore since there is minimal impact for this bug I consider it low severity.
kirk-baird changed the severity to QA (Quality Assurance)
kirk-baird marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-05-xeth/blob/d86fe0a9959c2b43c62716240d981ae95224e49e/src/CVXStaker.sol#L118
Vulnerability details
Impact
Missing check
booster.isShutdown==false
, may causedeposit
to failProof of Concept
isCvxShutdown()
is used to determine ifCVX
is shutdownThe code is as follows:
The current implementation only determines whether the pool is shutdown, and does not check whether the
booster
is shutdown The code comments explain that the execution ofBoosterOwner.shutdownSystem()
will ensure that the all pools has been shutdownBut in
BoosterOwner
, it is possible to force shutdown to the booster useBoosterOwner.forceShutdownSystem()
, in some special casesThe following code is from BoosterOwner.sol
url: https://etherscan.io/address/0x3cE6408F923326f81A7D7929952947748180f1E6#code
booster.shutdownSystem()
code:https://etherscan.io/address/0xF403C135812408BFbE8713b5A23a04b3D48AAE31#code
From the above code we know that if
withdrawAll()
fails, thenpool.shutdown==false
, butbooster.isShutdown==true
To sum up, if
BoosterOwner
executesforceShutdownSystem()
for some reason then there will still be the case: booster.shutdown == true , but pool.shutdown == falseIf this happens, it will cause
isCvxShutdown() == false
, but inCVXStaker.depositAndStake()
it will revert, becausebooster.isShutdown==true
which causes AMO2.sol not to work properly
Tools Used
Recommended Mitigation Steps
Assessed type
Context