Open c4-bot-10 opened 6 months ago
What the description means to say is:
However, if they are called before
_deposit
is called, this increase becomes meaningless.
0xEVom marked the issue as primary issue
0xEVom marked the issue as sufficient quality report
kalinbas (sponsor) confirmed
jhsagd76 marked the issue as satisfactory
jhsagd76 marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L807-L949 https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L807-L883 https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L807-L1249
Vulnerability details
Vulnerability Details
When the
V3Vault.sol#_withdraw
andV3Vault.sol#_repay
functions are called,dailyLendIncreaseLimitLeft
anddailyDebtIncreaseLimitLeft
are increased. However, if it is called before_withdraw
and_repay
are called, this increase becomes meaningless.Impact
Even if the
V3Vault.sol#_withdraw
andV3Vault.sol#_repay
functions are called,dailyLendIncreaseLimitLeft
anddailyDebtIncreaseLimitLeft
do not increase, so the protocol does not work as intended.Proof of Concept
V3Vault.sol#_withdraw
is as follows.As you can see, increase
dailylendIncreaselimitLeft
by theasset
amount inL949
. HoweverV3Vault.sol#_deposit
is as follows.As you can see on the right, the
dailyLendIncreaseLimitLeft
function is called inL883
.V3Vault.sol#_resetDailyLendIncreaseLimit
is as follows.Looking at the function above, the increase of
dailyLendIncreaseLimitLeft
in the withdraw performed before depositing when a new day begins is not reflected in thedailyLendIncreaseLimitleft
control byL1249
. That is, the increase will not be reflected in thedailyLendIncreaseLimitLeft
control. The same problem exists in therepay
andborrow
functions.Tools Used
Manual Review
Recommended Mitigation Steps
VeVault.sol#_withdraw
function is modified as follows.VeVault.sol#_repay
function is modified as follows.Assessed type
Other