Closed c4-bot-9 closed 5 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #171
Paralleling #171 and more prone to user's fault.
hansfriese marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L56-L177 https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L31-L43 https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L87 https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L31-L43 https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L116-L125
Vulnerability details
Summary & Impact
proposeRedemption
function allows users to propose a set of ShortRecords for redemption. It takes the following parameters:asset
: The market that will be impacted.proposalInput
: Array of data pertaining to the ShortRecord candidates.redemptionAmount
: Total amount of ercDebt requested to be redeemed.maxRedemptionFee
: Maximum fee that the redeemer is willing to pay.Then perform the following steps:
proposalInput
array and validates each ShortRecord candidate.RedemptionFacet.sol::proposeRedemption
For example, the
validRedemptionSR
function checks if the ShortRecord's status is notSR.Closed
and if theercDebt
is greater than or equal tominShortErc
. However, it does not verify other important aspects, such as the ShortRecord's collateral ratio or the validity of the associated short order.RedemptionFacet.sol::validRedemptionSR
Impact
Incorrect redemption amounts could be calculated based on the invalid or manipulated ShortRecords proposed by an attacker. This could lead to the redemption of unintended collateral and debt amounts, potentially draining funds from the system or disrupting the protocol's stability. Attackers may exploit this vulnerability to gain an unfair advantage or manipulate the redemption process for their benefit.
Proof of Concept
Step 1: Attacker identifies a ShortRecord with a low collateral ratio. Let's assume there exists a ShortRecord with the following properties:
shortRecord.status
=SR.FullyFilled
shortRecord.ercDebt
= 1000 DUSDshortRecord.collateral
= 1100 DETHshortRecord.shortOrderId
= 0 (no associated short order)The collateral ratio of this ShortRecord is approximately 1.1 (1100 DETH / 1000 DUSD), which is considered low.
Step 2: Attacker prepares the
proposalInput
array. The attacker creates aproposalInput
array that includes the identified ShortRecord:Step 3: Attacker calls the
proposeRedemption
function. The attacker calls theproposeRedemption
function with the preparedproposalInput
array:Step 4: The
proposeRedemption
function processes the proposed ShortRecord. Inside theproposeRedemption
function, thevalidRedemptionSR
function is called to validate the proposed ShortRecord: #L87However, the
validRedemptionSR
function only checks for the ShortRecord's status,ercDebt
, and the proposer's address: https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L31-L43Step 5: The redemption proposal is processed. The
proposeRedemption
function continues to process the redemption proposal, calculating the total collateral and debt to be redeemed based on the proposed ShortRecord: RedemptionFacet.sol#116-L125Step 6: Impact on the protocol and users. By successfully proposing a ShortRecord with a low collateral ratio, the attacker can potentially redeem more collateral than what is fair based on the ShortRecord's debt. In this example, the attacker can redeem 1100 DETH by proposing to redeem 1000 DUSD, effectively gaining an extra 100 DETH.
This exploitation can lead to the drainage of funds from the protocol and disrupt the overall stability and solvency of the system. If multiple attackers perform similar exploits or if the attacker proposes a large number of such ShortRecords, the impact can be significant.
Furthermore, the attack can be amplified if the attacker proposes ShortRecords associated with invalid short orders, as the
validRedemptionSR
function does not validate the integrity of the associated short order.Tools Used
Vs
Recommended Mitigation Steps
The
validRedemptionSR
should be enhanced to perform more comprehensive validation checks on the proposed ShortRecords.RedemptionFacet.sol::
I've introduced additional checks to verify the ShortRecord's collateral ratio and the validity of the associated short order. The
minCollateralRatio
can be set to a reasonable value to ensure that only ShortRecords with sufficient collateral are considered valid for redemption. TheisValidShortOrder
function (to be implemented separately) should check the validity of the short order associated with the ShortRecord.Assessed type
Other