search

code-423n4 / 2023-09-goodentry-mitigation-findings

0 stars 0 forks source link

The roerouter hard-coded address error causes all fee funds to be sent to the treasury instead of the vault #56

Closed c4-submissions closed 12 months ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/GoodEntry-io/ge/blob/c7c7de57902e11e66c8186d93c5bb511b53a45b8/contracts/TokenisableRange.sol#L63

Vulnerability details

Impact

The roerouter hard-coded address error causes all fee funds to be sent to the treasury instead of the vault. This will reduce the capital utilization rate, because the fee should be added to the LP to earn interest, but now because the vault address cannot be obtained, the funds are idle in the treasury and cannot be utilized.

Proof of Concept

  address constant public treasury = 0x22Cc3f665ba4C898226353B672c5123c58751692;
  address constant roerouter = 0x22Cc3f665ba4C898226353B672c5123c58751692;

    address vault;
    // Call vault address in a try/catch structure as it's defined as a constant, not available in testing
    if (roerouter.code.length > 0) {
      try RoeRouter(roerouter).getVault(address(TOKEN0.token), address(TOKEN0.token)) returns (address _vault) {
        vault = _vault;
      }
      catch {}
    }

The roerouter incorrectly used the treasury address, resulting in the inability to obtain the correct vault address.

Tools Used

Manual review

Recommended Mitigation Steps

According to the documentation, the correct address should be 0x5430A027CC128c7fcC2208Fd78E56Aa0EBF083F2

Assessed type

Error

c4-judge commented 12 months ago

gzeon-c4 marked the issue as satisfactory

c4-judge commented 12 months ago

gzeon-c4 marked the issue as primary issue

c4-judge commented 12 months ago

gzeon-c4 marked issue #18 as primary and marked this issue as a duplicate of 18