code-423n4 / 2023-10-ethena-findings


hardcoded route ratio might cause verify route return false continuously instead use >= #710

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-10-ethena/blob/ee67d9b542642c9757a6b826c82d0cae60256509/contracts/EthenaMinting.sol#L370-L372

Vulnerability details

Impact

hardcoded route ratio might cause verify route to return false continuously. the verifyRoute in EthenaMinting.sol is an if that checks whether the route ratio is 10_000 or not, and the ratio is going to be somewhere around that, but what if it actually ends up with a 1 digit difference? it would revert and the whole operation would break

hardcoding route ratio for 10_000 is not a good idea and it would create unnecessary issues.

Proof of Concept


    if (totalRatio != 10_000) {
      return false;
    }

Tools Used

manually / vs code

Recommended Mitigation Steps

- consider using >= / <= rather than !=

Assessed type

Other
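
Added example, not part of the submission or of EthenaMinting.sol: a minimal Solidity model of the quoted comparison next to the relaxed `>=` form the report recommends. It assumes ratios are basis-point shares of one transfer and that each share is computed as amount * ratio / 10_000; the contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustration only. Assumption: each ratio is a basis-point share
/// (10_000 = 100%) and a recipient gets amount * ratio / 10_000.
contract RouteRatioCheck {
    uint256 private constant FULL_RATIO = 10_000;

    /// Sum of all shares in a route.
    function sum(uint256[] memory ratios) public pure returns (uint256 total) {
        for (uint256 i = 0; i < ratios.length; ++i) {
            total += ratios[i];
        }
    }

    /// Comparison quoted in the report: only an exact 100% split passes.
    function verifyExact(uint256[] memory ratios) public pure returns (bool) {
        return sum(ratios) == FULL_RATIO;
    }

    /// Relaxed comparison proposed in the report (>=), shown for contrast.
    function verifyRelaxed(uint256[] memory ratios) public pure returns (bool) {
        return sum(ratios) >= FULL_RATIO;
    }

    /// Total paid out for `amount` under the assumed split rule.
    function distributed(uint256 amount, uint256[] memory ratios) public pure returns (uint256 out) {
        for (uint256 i = 0; i < ratios.length; ++i) {
            out += (amount * ratios[i]) / FULL_RATIO;
        }
    }

    /// Constructed route whose shares sum to one basis point over 100%.
    /// Returns both verdicts and the payout, so a caller can compare the
    /// payout against the `amount` that was supplied.
    function demo() external pure returns (bool exactOk, bool relaxedOk, uint256 paidOut) {
        uint256[] memory ratios = new uint256[](2);
        ratios[0] = 6_000;
        ratios[1] = 4_001;
        exactOk = verifyExact(ratios);
        relaxedOk = verifyRelaxed(ratios);
        paidOut = distributed(1_000_000, ratios);
    }
}
```

The ratios are inputs supplied with the route rather than values computed on-chain, so the sum is whatever the caller passes in; comparing `paidOut` with the supplied amount shows what each comparison would let through.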

c4-pre-sort commented 11 months ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as primary issue

raymondfam commented 11 months ago

Insufficient proof.

c4-judge commented 11 months ago

fatherGoose1 marked the issue as unsatisfactory: Insufficient proof