c4-pre-sort
commented
1 year ago 0xRobocop marked the issue as duplicate of #268
Closed code423n4 closed 1 year ago
c4-pre-sort
commented
1 year ago 0xRobocop marked the issue as duplicate of #268
c4-pre-sort
commented
1 year ago 0xRobocop marked the issue as sufficient quality report
c4-judge
commented
1 year ago JustDravee changed the severity to 3 (High Risk)
c4-judge
commented
1 year ago JustDravee marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-08-shell/blob/c61cf0e01bada04c3d6055acb81f61955ed600aa/src/proteus/EvolvingProteus.sol#L353-L380
Vulnerability details
Impact
Lack of balance checks in the
depositGivenInputAmountfunction can lead to various unpredictable consequences due to the breach of requirement "The pool's ratio of y to x must be within the interval [MIN_M, MAX_M)".Proof of Concept
The
depositGivenInputAmountreceive andepositedAmountparameter which describes how many reserve tokens the user wants to deposit. There are no balance checks in thedepositGivenInputAmountfunction and in the_reserveTokenSpecifiedfunction, similar with checks in the_swapfunction. So users can deposit such an amount of tokens which breach the pool's ratio.Tools Used
Manual review
Recommended Mitigation Steps
I suggest using the
_checkBalancesfunction at thedepositGivenInputAmountfunction or at the_reserveTokenSpecifiedfunction.Assessed type
Other