Closed code423n4 closed 1 year ago
It may be used for malicious scenarios with flashloan for example.
lack of clear explanation of the impact
JeffCX marked the issue as low quality report
0xean marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/base/LybraEUSDVaultBase.sol#L240
Vulnerability details
Description
There is no restriction for self rigidRedemption so that allows one to repay and withdraw instantly part of the collateral.
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/pools/base/LybraEUSDVaultBase.sol#L238-L241
That allows us to instantly withdraw with less fee paid.
Impact
It may be used for malicious scenarios with flashloan for example.
Proof of Concept
Tools Used
Foundry, mainnet forking
Recommended Mitigation Steps
Restrict self rigidRedemption
Assessed type
Other