Closed c4-bot-8 closed 3 months ago
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PendlePowerFarm/PendlePowerManager.sol#L96-L140
Vulnerability details
Description:
When a user enters the farm with 0 ETH, the getWiseLendingNFT() decreases and reverts at _openPosition() with "AmountTooSmall()", but the availableNFT will be reduced already.
Impact:
Malicious deletion in availableNFT
Tools Used
Manual Review
Proof Of Concept:

```solidity
function enterFarm(
    bool _isAave,
    uint256 _amount,
    uint256 _leverage,
    uint256 _allowedSpread
)
    external
    isActive
    updatePools
    returns (uint256)
{
    uint256 wiseLendingNFT = _getWiseLendingNFT();

    _safeTransferFrom(
        WETH_ADDRESS,
        msg.sender,
        address(this),
        _amount
    );

    _openPosition(
        _isAave,
        wiseLendingNFT,
        _amount,
        _leverage,
        _allowedSpread
    );

    uint256 keyId = _reserveKey(
        msg.sender,
        wiseLendingNFT
    );

    isAave[keyId] = _isAave;

    emit FarmEntry(
        keyId,
        wiseLendingNFT,
        _leverage,
        _amount,
        block.timestamp
    );

    return keyId;
}
```

```solidity
function _getWiseLendingNFT()
    internal
    returns (uint256)
{
    if (availableNFTCount == 0) {

        uint256 nftId = POSITION_NFT.mintPosition();

        _registrationFarm(
            nftId
        );

        POSITION_NFT.approve(
            AAVE_HUB_ADDRESS,
            nftId
        );

        return nftId;
    }

    // @audit - this reduces the list of available NFTs
    return availableNFTs[
        availableNFTCount--
    ];
}
```
Recommended Mitigation Steps:
Make a check to ensure _amount is greater than zero
+ error AmountLessThanZero() function enterFarm( bool _isAave, uint256 _amount, uint256 _leverage, uint256 _allowedSpread ) external isActive updatePools returns (uint256) { + if ( _amount < 0) { + revert AmountLessThanZero() + } uint256 wiseLendingNFT = _getWiseLendingNFT(); _safeTransferFrom( WETH_ADDRESS, msg.sender, address(this), _amount ); _openPosition( _isAave, wiseLendingNFT, _amount, _leverage, _allowedSpread ); uint256 keyId = _reserveKey( msg.sender, wiseLendingNFT ); isAave[keyId] = _isAave; emit FarmEntry( keyId, wiseLendingNFT, _leverage, _amount, block.timestamp ); return keyId; }
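Review bot: The added guard `if ( _amount < 0)` at the top of enterFarm can never be true, because `_amount` is declared `uint256`; a call with `_amount` equal to 0 passes it unchanged and still reaches `_getWiseLendingNFT()`. To match the stated recommendation that `_amount` be greater than zero, the comparison should be `_amount == 0`, with the error renamed to say so. The added lines `error AmountLessThanZero()` and `revert AmountLessThanZero()` are also missing their terminating semicolons, so the patch does not compile as written.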
Assessed type
Other
GalloDaSballo marked the issue as insufficient quality report
Imaginary issue
trust1995 marked the issue as unsatisfactory: Invalid