Open code423n4 opened 1 year ago
minhquanym marked the issue as primary issue
Duplicate of #52 and #59
cryptotechmaker marked the issue as disagree with severity
Should be low or maximum medium severity. Replacing the property is unlikely and strategies are also replaceable. It's a duplicate as well
cryptotechmaker (sponsor) confirmed
dmvt marked the issue as duplicate of #52
dmvt changed the severity to QA (Quality Assurance)
dmvt marked the issue as grade-b
dmvt marked the issue as grade-a
Lines of code
https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/curve/TricryptoLPStrategy.sol#L150-L155
Vulnerability details
Impact
Detailed description of the impact of this finding. TricryptoLPStrategy.setTricryptoLPGetter() fails to set the new lptoken when setting a new lpGetter, as a result, the TricryptoLPStrategy will be in the wrong state and mulfunction.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
TricryptoLPStrategy.setTricryptoLPGetter() allows the owner to set a new lpGetter.
https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/curve/TricryptoLPStrategy.sol#L150C14-L155
One important setup is to assign
lpToken = IERC20(lpGetter.lpToken());
(see the code in the constructor). However, TricryptoLPStrategy.setTricryptoLPGetter() fails to assign a new lpToken when a new lpGetter is set. As a result, the lpToken is still old while lpGetter is new, leading a mixed state of the TricryptoLPStrategy contract, which will malfunction.Tools Used
VSCode
Recommended Mitigation Steps
Reassign lpToken when setting a new lpGetter.
Assessed type
Upgradable