Closed c4-bot-1 closed 2 months ago
0xRektora (sponsor) acknowledged
0xRektora marked the issue as disagree with severity
Probability of this happening is very low. I'd put it as informational.
dmvt marked the issue as duplicate of #130
dmvt marked the issue as not a duplicate
dmvt changed the severity to QA (Quality Assurance)
dmvt marked the issue as grade-b
Not a duplicate of #130
This previously downgraded issue has been upgraded by dmvt
dmvt marked the issue as duplicate of #110
dmvt marked the issue as satisfactory
Lines of code
https://github.com/Tapioca-DAO/tap-token/blob/20a83b1d2d5577653610a6c3879dff9df4968345/contracts/options/TapiocaOptionLiquidityProvision.sol#L232
Vulnerability details
Impact
Loss of funds
Proof of Concept
Within the `tOLP` contract, in certain scenarios, Singularities can be removed. The problem is that once a `Singularity` is removed, if a user by that time has not withdrawn their assets, they're forever lost.

If a user attempts to call `unlock` after `singularity` has been removed, `activeSingularities[_singularity]` will return a blank struct, thus making the function later revert.

The user will never be able to reclaim their funds. Even if the `singularity` is later re-added, `totalDeposited` will be wiped out upon removal, thus the function will revert due to underflow.

Tools Used
Manual review
Recommended Mitigation Steps
Add a function to allow unlocks of locks even after Singularity has been removed.
Assessed type
Error
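
The failure mode reported above, reduced to a minimal model with one possible shape for the recommended mitigation. This is an added example, not code from the tap-token repository: the contract name, struct layouts, `register`/`unregister`/`lock`/`unlockFixed` and the revert strings are all assumptions, and token transfers are omitted so only the bookkeeping remains.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
// Simplified, hypothetical model of the accounting described in the report.
// Not the tap-token source; names and layouts are assumptions.
contract TolpModel {
    struct Pool { uint256 assetId; uint256 totalDeposited; }
    struct Lock { uint256 assetId; uint256 amount; bool open; }
    mapping(address => Pool) public activeSingularities;
    mapping(uint256 => Lock) public locks;
    uint256 public nextId = 1;

    function register(address sgl, uint256 assetId) external {
        require(assetId != 0, "zero id");
        activeSingularities[sgl].assetId = assetId;
    }

    // Removal deletes the whole entry, which also zeroes totalDeposited.
    function unregister(address sgl) external { delete activeSingularities[sgl]; }

    function lock(address sgl, uint256 amount) external returns (uint256 id) {
        Pool storage p = activeSingularities[sgl];
        require(p.assetId != 0, "not active");
        p.totalDeposited += amount;
        id = nextId++;
        locks[id] = Lock(p.assetId, amount, true);
    }

    // Behaviour described in the report: unlock depends on the live pool entry.
    function unlock(uint256 id, address sgl) external returns (uint256) {
        Lock memory l = locks[id];
        require(l.open, "no lock");
        // After unregister() the struct is blank, so this check reverts.
        require(activeSingularities[sgl].assetId == l.assetId, "invalid singularity");
        // After re-register the counter is 0, so checked math reverts (underflow).
        activeSingularities[sgl].totalDeposited -= l.amount;
        delete locks[id];
        return l.amount;
    }

    // Mitigation sketch: settle from the lock's own record, never revert on pool state.
    function unlockFixed(uint256 id, address sgl) external returns (uint256) {
        Lock memory l = locks[id];
        require(l.open, "no lock");
        Pool storage p = activeSingularities[sgl];
        require(p.assetId == 0 || p.assetId == l.assetId, "wrong singularity");
        // Clamp so a blank (removed) or reset (re-added) counter cannot block the exit.
        p.totalDeposited -= l.amount < p.totalDeposited ? l.amount : p.totalDeposited;
        delete locks[id];
        return l.amount;
    }
}
```

In this model, `lock`, `unregister`, `unlock` reverts with "invalid singularity", and `lock`, `unregister`, `register`, `unlock` reverts on the subtraction, while `unlockFixed` returns the locked amount in both sequences. Clamping leaves the counter approximate if new deposits arrive after a re-add, so a production fix also has to decide how removed pools are accounted for.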