Closed c4-bot-1 closed 7 months ago
Picodes marked the issue as duplicate of #805
Picodes marked the issue as not a duplicate
How this is still actionable in a real scenario is not discussed.
Picodes marked the issue as duplicate of #224
Picodes marked the issue as unsatisfactory: Invalid
Picodes changed the severity to 2 (Med Risk)
Picodes marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/dao/DAO.sol#L321
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/dao/DAO.sol#L372
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/staking/Liquidity.sol#L62-L72
Vulnerability details
Impact
The token receiving parameters are set to zero in the following functions:
DAO::formPOL()
DAO::withdrawPOL()
Liquidity::_dualZapInLiquidity()
Proof of Concept
Tools Used
Manual review
Recommended Mitigation Steps
Parameterize the token receiving value.
Assessed type
MEV
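
The effect of a zero minimum-received value compared with a caller-supplied one, as an added example that is not code from the report or from the Salty repository. It models a fee-less constant-product pool in Python with constructed reserves; Pool, swap, min_out_from_quote and swap_after_price_move are hypothetical names.

```python
# Added illustration: a fee-less constant-product pool (x*y=k) with constructed
# reserves. All names here are hypothetical; none come from the Salty code base.

class SlippageExceeded(Exception):
    """Raised when the swap would return less than the caller's minimum."""

class Pool:
    def __init__(self, reserve_in: int, reserve_out: int):
        self.reserve_in = reserve_in
        self.reserve_out = reserve_out

    def quote(self, amount_in: int) -> int:
        # Integer math, rounded down, as on-chain arithmetic would be.
        return amount_in * self.reserve_out // (self.reserve_in + amount_in)

    def swap(self, amount_in: int, min_out: int) -> int:
        out = self.quote(amount_in)
        if out < min_out:  # with min_out == 0 this check can never fail
            raise SlippageExceeded(f"got {out}, wanted at least {min_out}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out

def min_out_from_quote(quoted: int, tolerance_bps: int) -> int:
    """Caller-supplied bound: the quoted amount minus a tolerance in basis points."""
    return quoted * (10_000 - tolerance_bps) // 10_000

def swap_after_price_move(min_out: int) -> int:
    """Another trade lands between quoting and execution, then ours runs."""
    pool = Pool(1_000_000, 1_000_000)      # constructed reserves
    pool.swap(200_000, 0)                  # unrelated trade moves the price
    return pool.swap(10_000, min_out)

if __name__ == "__main__":
    quoted = Pool(1_000_000, 1_000_000).quote(10_000)
    print("quoted:", quoted)
    print("min_out=0 receives:", swap_after_price_move(0))
    bound = min_out_from_quote(quoted, 100)   # 1% tolerance
    try:
        swap_after_price_move(bound)
    except SlippageExceeded as exc:
        print("parameterized bound reverts:", exc)
```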