code-423n4 / 2024-01-opus-findings


Improper rounding down in Abbot::withdraw() #197

Closed c4-bot-6 closed 9 months ago

c4-bot-6 commented 10 months ago

Lines of code

https://github.com/code-423n4/2024-01-opus/blob/4720e9481a4fb20f4ab4140f9cc391a23ede3817/src/core/abbot.cairo#L203-L212

Vulnerability details

Impact

Improper rounding down in Abbot::withdraw()

Proof of Concept

In Abbot::withdraw(), we will decrease the yang amount according to the asset amount. The calculation should round up, because this yang amount will be decreased from the user's account. We should round up to profit the protocol.

Tools Used

Manual

Recommended Mitigation Steps

Round up the yang amount when we decrease the yang amount from the user's account.

Assessed type

Other

c4-pre-sort commented 9 months ago

bytes032 marked the issue as insufficient quality report

alex-ppg commented 9 months ago

The Warden specifies that withdrawal operations do not round down, which contradicts the implementation.

c4-judge commented 9 months ago

alex-ppg marked the issue as unsatisfactory: Invalid