code-423n4 / 2023-10-badger-findings


Invariant Breakage: stakingRewardSplit can be > MAX_REWARD_SPLIT leading to loss of funds through excessive fee accrual #319

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/CdpManager.sol#L774-L777
https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/CdpManager.sol#L53
https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/CdpManagerStorage.sol#L558

Vulnerability details

Impact

Invariants ensure system health. Function setStakingRewardSplit() ensures that stakingRewardSplit <= MAX_REWARD_SPLIT. This ensures there is a hard upper limit to the possible deltaIndexFees.

However, the constructor setup functionality of the CDP Manager allows for possible misconfiguration leading to excessive fee calculation. Line 53 sets the stakingRewardSplit without validating the values are within expected ranges.

Proof of Concept

Admin creates the CDPManager.sol contract incorrectly setting the fee to be larger than MAX_REWARD_SPLIT. Fees can then be accrued on the system as a whole until the issue is fixed.

Tools Used

Manual Review

Recommended Mitigation Steps

Recommend validating constructor parameters to ensure values inserted reflect expected 'invariant' behaviour elsewhere in the system.

Assessed type

Invalid Validation
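The pattern the report recommends, as an added illustration that is not part of the submission and not the eBTC CdpManager code (the sponsor and judge replies below note that in the audited contract the value comes from a constant): a hypothetical contract where the constructor and the setter route every write through one internal function, so the bound stakingRewardSplit <= MAX_REWARD_SPLIT is defined in a single place and holds from deployment onward. The authority gate, event and basis-point value of MAX_REWARD_SPLIT are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical example contract (not eBTC's CdpManager).
/// Shows the same bound being enforced on both write paths:
/// the constructor and the admin setter.
contract SplitInvariantExample {
    // Assumed unit: basis points, so 10_000 == 100%.
    uint256 public constant MAX_REWARD_SPLIT = 10_000;
    uint256 public stakingRewardSplit;
    // Assumed: a single admin address gates the setter.
    address public immutable authority;

    event StakingRewardSplitSet(uint256 split);

    // Deployment path: validated, instead of a bare assignment
    // that would let a misconfigured value bypass the invariant.
    constructor(address _authority, uint256 _stakingRewardSplit) {
        require(_authority != address(0), "authority is zero");
        authority = _authority;
        _setStakingRewardSplit(_stakingRewardSplit);
    }

    // Runtime path: identical check via the shared internal function.
    function setStakingRewardSplit(uint256 _stakingRewardSplit) external {
        require(msg.sender == authority, "not authorized");
        _setStakingRewardSplit(_stakingRewardSplit);
    }

    // The one definition of the invariant; every write to
    // stakingRewardSplit goes through here.
    function _setStakingRewardSplit(uint256 _stakingRewardSplit) internal {
        require(
            _stakingRewardSplit <= MAX_REWARD_SPLIT,
            "split exceeds MAX_REWARD_SPLIT"
        );
        stakingRewardSplit = _stakingRewardSplit;
        emit StakingRewardSplitSet(_stakingRewardSplit);
    }
}
```

A deployment test that constructs the contract with MAX_REWARD_SPLIT + 1 and expects the revert is the quickest way to confirm the constructor path is covered, not only the setter.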

c4-pre-sort commented 11 months ago

bytes032 marked the issue as insufficient quality report

GalloDaSballo commented 11 months ago

Invalid https://github.com/code-423n4/2023-10-badger/blob/f2f2e2cf9965a1020661d179af46cb49e993cb7e/packages/contracts/contracts/CdpManager.sol#L773

c4-sponsor commented 11 months ago

GalloDaSballo (sponsor) disputed

jhsagd76 commented 11 months ago

constant var is static code

c4-judge commented 11 months ago

jhsagd76 marked the issue as unsatisfactory: Invalid