Closed c4-bot-5 closed 5 months ago
Dust amount - QA
0xSorryNotSorry marked the issue as insufficient quality report
Trumpero changed the severity to QA (Quality Assurance)
Trumpero marked the issue as grade-b
Trumpero marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SimplePSM.sol#L134-L144
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SimplePSM.sol#L87-L93
Vulnerability details
Impact
The SimplePSM.redeem function is called to redeem amountIn CREDIT for amountOut underlying tokens and send them to the address to. The redeem function calls the SimplePSM.getRedeemAmountOut function, which calculates amountOut (see the two linked ranges of SimplePSM.sol above: redeem at L134-L144 and getRedeemAmountOut at L87-L93).

The issue is that the dust underlying asset amount, i.e. the remainder that the integer division in getRedeemAmountOut discards, is not accounted for in the amountOut calculation. As a result, even though the entire amountIn of CREDIT is burnt from msg.sender, the underlying asset amount received by the to address is less than the value burnt, because the dust asset amount is left over in the contract. This dust underlying asset amount will therefore be stuck in the SimplePSM contract.
Proof of Concept
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SimplePSM.sol#L134-L144
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SimplePSM.sol#L87-L93
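The following is an added Python model of the rounding described above; it is not code from the SimplePSM contract or from the Ethereum Credit Guild project. The shape of the conversion formula (amountIn * creditMultiplier / (decimalCorrection * 1e18)), the 18-decimal CREDIT / 6-decimal underlying split and the creditMultiplier values are assumptions made for this illustration. It computes the truncated remainder with the modulo/ceil arithmetic the mitigation below refers to, tracks where that value ends up, and contrasts the behaviour described in the report with a variant that burns only the CREDIT that converts exactly (the example's own choice, not the report's recommendation).

```python
"""Added example (not project code): integer-division dust in a PSM redeem path.

Everything here is a plain-integer model. The formula, decimal split and
creditMultiplier values are assumptions for illustration only.
"""

CREDIT_DECIMALS = 18            # assumed: CREDIT has 18 decimals
UNDERLYING_DECIMALS = 6         # assumed: underlying token has 6 decimals
DECIMAL_CORRECTION = 10 ** (CREDIT_DECIMALS - UNDERLYING_DECIMALS)   # 1e12
WAD = 10 ** 18                  # assumed: creditMultiplier is a WAD-scaled ratio


def get_redeem_amount_out(amount_in: int, credit_multiplier: int) -> int:
    """Assumed shape of getRedeemAmountOut: CREDIT base units -> underlying base units.
    Solidity integer division floors, so any value below one underlying base unit is dropped."""
    return amount_in * credit_multiplier // (DECIMAL_CORRECTION * WAD)


def credit_needed_for(amount_out: int, credit_multiplier: int) -> int:
    """Smallest amount_in whose floored conversion is exactly amount_out (ceil division)."""
    numerator = amount_out * DECIMAL_CORRECTION * WAD
    return -(-numerator // credit_multiplier)


def redeem_dust(amount_in: int, credit_multiplier: int) -> int:
    """CREDIT base units burned without any underlying token paid for them.
    With credit_multiplier == WAD this is exactly amount_in % DECIMAL_CORRECTION,
    the modulo the mitigation refers to; the ceil form also covers other multipliers."""
    amount_out = get_redeem_amount_out(amount_in, credit_multiplier)
    return amount_in - credit_needed_for(amount_out, credit_multiplier)


class PsmModel:
    """Minimal state model: underlying tokens held and CREDIT burned, to see where dust ends up."""

    def __init__(self, underlying_balance: int, credit_multiplier: int = WAD):
        self.underlying_balance = underlying_balance
        self.credit_multiplier = credit_multiplier
        self.credit_burned = 0
        self.dust_credit = 0     # accumulated burned-but-unpaid CREDIT base units

    def redeem_as_described(self, amount_in: int) -> int:
        """Behaviour the report describes: burn all of amount_in, pay the floored amount_out."""
        amount_out = get_redeem_amount_out(amount_in, self.credit_multiplier)
        if amount_out > self.underlying_balance:
            raise ValueError("insufficient underlying liquidity")
        self.credit_burned += amount_in
        self.underlying_balance -= amount_out
        self.dust_credit += redeem_dust(amount_in, self.credit_multiplier)
        return amount_out

    def redeem_exact(self, amount_in: int) -> tuple:
        """Example's own alternative: burn only the CREDIT that converts exactly and
        return (amount_out, unburned remainder) so nothing is burned for free."""
        amount_out = get_redeem_amount_out(amount_in, self.credit_multiplier)
        if amount_out > self.underlying_balance:
            raise ValueError("insufficient underlying liquidity")
        burn = credit_needed_for(amount_out, self.credit_multiplier)
        self.credit_burned += burn
        self.underlying_balance -= amount_out
        return amount_out, amount_in - burn


if __name__ == "__main__":
    # constructed input: 1 CREDIT plus 1 wei, creditMultiplier = 1.0
    psm = PsmModel(underlying_balance=10 ** 12)
    paid = psm.redeem_as_described(10 ** 18 + 1)
    print("paid:", paid, "dust (CREDIT wei):", psm.dust_credit)
```

One caveat follows directly from the arithmetic: the remainder redeem_dust returns is always worth less than one base unit of the underlying token (it is the remainder of a floor division), so it can never be transferred as underlying tokens, whether to the ProfitManager, a treasury or the redeemer. Any accounting for it therefore has to happen on the CREDIT side, as redeem_exact does, or the value simply accumulates in the PSM's underlying balance.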
Tools Used
Manual Review and VSCode
Recommended Mitigation Steps
It is therefore recommended to calculate the leftover dust underlying asset amount in the SimplePSM.getRedeemAmountOut function using the modulo operation and transfer that amount to the ProfitManager contract or to a treasury contract, so that this underlying token dust amount is not stuck in the SimplePSM contract.
Assessed type
Math