Open c4-submissions opened 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as primary issue
This shouldn't present any risk at all.
FJ-Riveros (sponsor) disputed
fatherGoose1 changed the severity to QA (Quality Assurance)
Agree that this does not impose any risk. QA as it is a useful design recommendation.
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/EthenaMinting.sol#L377-L386
Vulnerability details
Impact
A user's pending tx to
EthenaMinting.mint
orredeem
can be run after a long time even if the invalidatorSlot of the tx is lower than the invalidatorSlot of the previous tx.Proof of Concept
Add the below test in
EthenaMinting.core.t.sol
and runforge test --mt testPOC_nativeEth_withdraw_twotimes
. The test changes invalidatorSlot 3 -> 0 -> 1. The invalidatorSlot, however, should not decrease.Tools Used
Manual, foundry
Recommended Mitigation Steps
Mange
lastInvalidatorSlot
inEthenaMinting
to order transactions.Assessed type
Other