code-423n4 / 2023-11-kelp-findings


There is a missing check in the function updateAssetDepositLimit #473

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/main/src/LRTConfig.sol#L94

Vulnerability details

Proof of Concept

When the manager calls the function updateAssetDepositLimit, there is no check that depositLimit can’t be less than the previous depositLimit.

Tools Used

manual review

Recommended Mitigation Steps

Validate that depositLimit can’t be less than the previous depositLimit when calling the function updateAssetDepositLimit.

Assessed type

Invalid Validation

c4-pre-sort commented 1 year ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as duplicate of #69

c4-judge commented 11 months ago

fatherGoose1 changed the severity to QA (Quality Assurance)

c4-judge commented 11 months ago

fatherGoose1 marked the issue as grade-b