Closed c4-bot-3 closed 5 months ago
JustDravee marked the issue as duplicate of #105
JustDravee marked the issue as sufficient quality report
koolexcrypto marked the issue as unsatisfactory: Invalid
Hi @koolexcrypto, this issue was incorrectly duped to issue #105, which is an invalid issue.
Can you take another look at this issue please?
I believe this is a high severity issue, as the likelihood is certain (100% likelihood), and the impact is a significant theft or loss of funds.
Here are some issues which I believe are valid duplicates of this issue:
Edit: The issues mentioned above, including this issue (#1142), are duplicates of #966.
Hi @Emedudu
Thank you for your feedback.
This seems to be valid and a dup of #872.
Hello @koolexcrypto, just want to make sure you didn't omit this.
koolexcrypto removed the grade
koolexcrypto marked the issue as not a duplicate
koolexcrypto marked the issue as duplicate of #1133
koolexcrypto marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-04-dyad/blob/main/script/deploy/Deploy.V2.s.sol#L64-L65
https://github.com/code-423n4/2024-04-dyad/blob/main/script/deploy/Deploy.V2.s.sol#L93-L94
Vulnerability details
Impact
By adding the same vault as both a Kerosine vault and a regular vault, a user's real collateral ratio is 1:1 while the protocol believes it is 2:1, because the vault's USD value is counted once in the regular vault sum and again in the Kerosine vault sum.
When the price of the collateral then drops and the real collateral ratio falls below 100% (let alone the required 150%), the protocol still considers the position healthy.
From the Deploy.V2.s.sol script, we can see that ethVault and the wstETH vault are both added to vaultLicenser and to kerosineManager. This allows users to call both add and addKerosene with either of these vaults, guaranteeing that this bug will surface.
Likelihood: High, Impact: High. Severity: High
Proof of Concept
Here is a test case that demonstrates this bug. Check the "Full Proof of Concept test file" section of this report to copy and run the full test file:
Here is what happened in the coded PoC: the dNFT owner calls both add and addKerosene with that vault, so the vault appears in both vaults[id] and vaultsKerosene[id] and its value is counted twice.
Full Proof of Concept test file
Create a new test file under the "test" folder and copy in the following. Run with:
forge test --match-test test_add_as_vault_and_kerosineVault -vv
Tools Used
Manual Review
Recommended Mitigation Steps
The totalCollateralValue or totalUsdValue of a user should be calculated by iterating through and summing the values of the vaults listed in the user's vaults[id] and vaultsKerosene[id] mappings. If the current vault in the iteration has already been seen, its value must not be added again and the loop should continue to the next vault. Alternatively, add and addKerosene could refuse a vault that is already present in the other mapping for that id, so the same vault can never be registered twice.
Assessed type
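The following is an added, constructed model of the accounting described in the Impact section and of the deduplicating fix in the mitigation above; it is not code from the DYAD repository. The vault classes, the prices (3000 and 1800 USD per ETH), the 1 ETH deposit, the 2000 DYAD debt and the 150% minimum ratio are assumptions chosen to mirror this report: one vault (ethVault) is licensed by both the vault licenser and the kerosene manager, the dNFT owner registers it through both add and addKerosene, and the naive per-mapping summation counts the deposit twice.

```python
"""Model of the DYAD double-count of a vault registered as both a regular
and a Kerosine vault, beside the deduplicating total recommended above.
Constructed example for this report, not project code."""
from dataclasses import dataclass, field

MIN_COLLAT_RATIO = 1.5  # 150%, assumed to match the protocol's minimum


@dataclass(eq=False)  # identity-based hashing, so a Vault can sit in a set
class Vault:
    name: str
    price_usd: float                                  # oracle price of the asset
    deposits: dict = field(default_factory=dict)      # dnft id -> units deposited

    def usd_value(self, dnft_id: int) -> float:
        return self.deposits.get(dnft_id, 0.0) * self.price_usd


@dataclass
class VaultManager:
    vault_licenser: set                                   # vaults licensed as regular vaults
    kerosene_manager: set                                 # vaults licensed as Kerosine vaults
    vaults: dict = field(default_factory=dict)            # id -> [Vault], like vaults[id]
    vaults_kerosene: dict = field(default_factory=dict)   # id -> [Vault], like vaultsKerosene[id]
    minted_dyad: dict = field(default_factory=dict)       # id -> DYAD debt

    def add(self, dnft_id: int, vault: Vault) -> None:
        if vault not in self.vault_licenser:
            raise ValueError("VaultNotLicensed")
        lst = self.vaults.setdefault(dnft_id, [])
        if vault in lst:
            raise ValueError("VaultAlreadyAdded")
        lst.append(vault)

    def add_kerosene(self, dnft_id: int, vault: Vault) -> None:
        # Only checks the Kerosine list, so a vault already in vaults[id] is accepted.
        if vault not in self.kerosene_manager:
            raise ValueError("VaultNotLicensed")
        lst = self.vaults_kerosene.setdefault(dnft_id, [])
        if vault in lst:
            raise ValueError("VaultAlreadyAdded")
        lst.append(vault)

    def total_usd_value_naive(self, dnft_id: int) -> float:
        """Buggy: sums each mapping independently, so a shared vault counts twice."""
        regular = sum(v.usd_value(dnft_id) for v in self.vaults.get(dnft_id, []))
        kero = sum(v.usd_value(dnft_id) for v in self.vaults_kerosene.get(dnft_id, []))
        return regular + kero

    def total_usd_value_dedup(self, dnft_id: int) -> float:
        """Fixed: skip any vault already seen in the other mapping."""
        seen, total = set(), 0.0
        for v in self.vaults.get(dnft_id, []) + self.vaults_kerosene.get(dnft_id, []):
            if v in seen:
                continue          # the 'continue' from the mitigation
            seen.add(v)
            total += v.usd_value(dnft_id)
        return total

    def collat_ratio(self, dnft_id: int, total_fn) -> float:
        debt = self.minted_dyad.get(dnft_id, 0.0)
        return float("inf") if debt == 0 else total_fn(dnft_id) / debt


def run_scenario() -> dict:
    """Register one vault twice, deposit, borrow, then crash the price."""
    eth_vault = Vault("ethVault", price_usd=3000.0)        # assumed price
    vm = VaultManager(vault_licenser={eth_vault}, kerosene_manager={eth_vault})
    dnft = 1
    vm.add(dnft, eth_vault)
    vm.add_kerosene(dnft, eth_vault)                         # same vault, second mapping
    eth_vault.deposits[dnft] = 1.0                            # 1 ETH deposited (assumed)
    vm.minted_dyad[dnft] = 2000.0                             # 2000 DYAD minted (assumed)

    out = {"cr_naive_before": vm.collat_ratio(dnft, vm.total_usd_value_naive),
           "cr_dedup_before": vm.collat_ratio(dnft, vm.total_usd_value_dedup)}
    eth_vault.price_usd = 1800.0                              # 40% price drop (assumed)
    out["cr_naive_after"] = vm.collat_ratio(dnft, vm.total_usd_value_naive)
    out["cr_dedup_after"] = vm.collat_ratio(dnft, vm.total_usd_value_dedup)
    out["naive_thinks_healthy"] = out["cr_naive_after"] >= MIN_COLLAT_RATIO
    out["really_healthy"] = out["cr_dedup_after"] >= MIN_COLLAT_RATIO
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

With the double count the position shows a 300% ratio at deposit time and still 180% after the price drop, so it would be allowed to mint and would not be liquidatable; the deduplicated total shows the real 150% at deposit time and 90% after the drop, i.e. the position is under 100% collateralised while the protocol reports it as healthy, which is the scenario in the Impact section.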
Error