The _claimable function in the contract checks whether _crvTotalRewards or _amphBalance are zero, and if so, returns all zeros. However, there is no such check for _cvxTotalRewards. This omission can lead to a situation where the function returns non-zero _crvAmountToSend and _claimableAmph but zero _cvxAmountToSend.
This could potentially lead to undesired behavior or logical errors.
The issue lies in the following line of the _claimable function:
// if amounts are zero, or AMPH balance is zero simply return all zeros
if (_crvTotalRewards == 0 || _amphBalance == 0) return (0, 0, 0);
The function checks if _crvTotalRewards or _amphBalance are zero, but there is no check for _cvxTotalRewards. This can lead to a potential logical error if _cvxTotalRewards is zero.
Tools Used
Manual review/ChatGPT
Recommended Mitigation Steps
The condition should be modified to include a check for _cvxTotalRewards. The updated condition should look like this:
Lines of code
https://github.com/code-423n4/2023-07-amphora/blob/daae020331404647c661ab534d20093c875483e1/core/solidity/contracts/core/AMPHClaimer.sol#L169
Vulnerability details
Impact
The _claimable function in the contract checks whether _crvTotalRewards or _amphBalance are zero, and if so, returns all zeros. However, there is no such check for _cvxTotalRewards. This omission can lead to a situation where the function returns non-zero _crvAmountToSend and _claimableAmph but zero _cvxAmountToSend.
This could potentially lead to undesired behavior or logical errors.
Proof of Concept
https://github.com/code-423n4/2023-07-amphora/blob/daae020331404647c661ab534d20093c875483e1/core/solidity/contracts/core/AMPHClaimer.sol#L169
The issue lies in the following line of the _claimable function:
// if amounts are zero, or AMPH balance is zero simply return all zeros if (_crvTotalRewards == 0 || _amphBalance == 0) return (0, 0, 0);
The function checks if _crvTotalRewards or _amphBalance are zero, but there is no check for _cvxTotalRewards. This can lead to a potential logical error if _cvxTotalRewards is zero.
Tools Used
Manual review/ChatGPT
Recommended Mitigation Steps
The condition should be modified to include a check for _cvxTotalRewards. The updated condition should look like this:
if (_cvxTotalRewards == 0 || _crvTotalRewards == 0 || _amphBalance == 0) return (0, 0, 0);
This will ensure that the function returns all zeros if _cvxTotalRewards, _crvTotalRewards, or _amphBalance are zero
Assessed type
Other