code-423n4 / 2023-10-ethena-findings


In the verify route the order type should not be OrderType.REDEEM and the function should return false but returns true. #692

Open c4-submissions opened 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-10-ethena/blob/ee67d9b542642c9757a6b826c82d0cae60256509/contracts/EthenaMinting.sol#L352-L355

Vulnerability details

Impact

In the EthenaMinting.sol contract, in the verifyRoute() function at line 353, there is an if that checks whether the order type is OrderType.REDEEM, but as you saw in the comment on that if, it is supposed to be // routes only used to mint

So that means the order type should not be REDEEM, but it is, and it should return false instead of true.

Proof of Concept

 function verifyRoute(Route calldata route, OrderType orderType) public view override returns (bool) {
    // routes only used to mint
    if (orderType == OrderType.REDEEM) {
      return true;
    }

Tools Used

VS Code / brain

Recommended Mitigation Steps

Assessed type

Other

c4-pre-sort commented 11 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #36

c4-judge commented 11 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid

c4-judge commented 10 months ago

fatherGoose1 changed the severity to QA (Quality Assurance)

c4-judge commented 10 months ago

fatherGoose1 marked the issue as grade-b