code-423n4 / 2023-07-pooltogether-findings


Using mulDiv incorrectly in `Vault.sol` #187

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L1183

Vulnerability details

Impact

Incorrect typing in the mulDiv function: the third parameter should be the denominator, not a Math.Rounding.Down.

Proof of Concept

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/math/Math.sol#L207

See the documentation of OpenZeppelin's Math library.

Tools Used

Recommended Mitigation Steps

Input the third parameter to be the denominator.

Assessed type

Math

Picodes commented 1 year ago

That is not how types work

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid