Open c4-bot-1 opened 8 months ago
hansfriese marked the issue as primary issue
fez-init (sponsor) acknowledged
The issue should be mitigated with the introduction of hooks, where such additional logic of amount to share conversion can be implemented.
hansfriese marked the issue as satisfactory
hansfriese marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L151 https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L282 https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L317
Vulnerability details
Impact
repay()
,liquidate()
andliquidateWLp()
transactions revert if users approve the exact repay amount they need in the frontend and only after some blocks have passed is the transaction settled. This happens because the interest accrual is by timestamp, so the debt would have increased since the approval, when the transaction settles.Proof of Concept
A test when repaying debt was carried out in
TestInitCore.sol
. The timestamp increased just 1 second, but it was enough to make the transaction revert. It may be possible to request a bigger alowance than expected, but this has other implications.Tools Used
Vscode, Foundry
Recommended Mitigation Steps
Receive the amount in InitCore as argument instead of the shares on the
repay()
,liquidate()
andliquidateWLp()
functions.Assessed type
Under/Overflow