Closed c4-bot-1 closed 4 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as primary issue
Will let sponsor review the coded POC.
ditto-eth (sponsor) disputed
the poc is invalid, but having dived a little deeper this can be a configuration issue for the dao if tithe set to specific values, which is not the case for our config.
As it's related to the admin's configuration, QA is appropriate.
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/BridgeRouterFacet.sol#L63
Vulnerability details
Impact
Users will not be able to deposit in the protocol.
Proof of Concept
from updateYield method:
A revert could occur here yield -= tithe since
tithe
possibly could be greater than the yield.How could tithe could possibly greater than the yield? In the protocol when a short or a bid having a match they will eligible to have a discount in matchIncomingBid and matchIncomingSell, however if a discount is active this will increase Vault.dethTitheMod with the time (depends on coming value according to its math).
I created POC foundry to apply this case practically in the protocol, e.g. if the generated yield is 2000000, and the Vault.dethTitheMod reach 10000 and
dethTithePercent
is 10 then result is, the tithe is 2002000, which is greater than the yield value which cause a revert.This edge case impact will lead to a revert and blocking updating the yield, causing the deposits to be blocked too since maybeUpdateYield is calling updateYield in case there is already more than BRIDGE_YIELD_UPDATE_THRESHOLD (1000 ether) deposited.
To run the POC code please add the code in a file with deposit_revert_issue .t.sol under
test\deposit_revert_issue.t.sol
Output
Tools Used
Manual Review
Recommended Mitigation Steps
check if
tithe > yield
then return without reverting.Assessed type
Other