search

code-423n4 / 2024-04-dyad-findings

8 stars 6 forks source link

Upgraded Q -> 2 from #389 [1715340608138] #1307

Closed c4-judge closed 4 months ago

c4-judge commented 4 months ago

Judge has assessed an item in Issue #389 as 2 risk. The relevant finding follows:

  1. Protection against kerosine price manipulation can potentially be bypassed Links to affected code * https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L119 https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/src/core/VaultManagerV2.sol#L205

Impact The vault manager implements a flashloan protection to prevent users from depositing and withdrawing in the same block. This is done to prevent kerosene price manipulation.This protection can be bypassed by users depositing and liquidating (possibly to self) in one block to manipulate kerosine prices. The process only involves making sure their NFT is at a state at which it can be liquidated, depositing just enough to still put the NFT at a liquidatable state, but not enough to take it out and in the same block liquidating the NFT, to another NFT they own or are in cohorts with. At its core, the liquidate function acts like the a withdraw and deposit function due to move which reduces amoount from one nft and moves it to another. So by aggregating a multicall involving deposiing to an nft A in a liquitable state (depositing enough to keep it in that state), liquidating nft A to another nft B and withdrawing from nft B, all in one block, a user can successfully manipulate kerosene token prices.

Recommended Mitigation Steps Include the same check against withdrawal in the same block in the liquidate function.

c4-judge commented 4 months ago

koolexcrypto marked the issue as duplicate of #68

c4-judge commented 4 months ago

koolexcrypto marked the issue as satisfactory

c4-judge commented 4 months ago

koolexcrypto marked the issue as not a duplicate

koolexcrypto commented 4 months ago

submitted already by the same warden as saperate issue

c4-judge commented 4 months ago

koolexcrypto marked the issue as unsatisfactory: Invalid

c4-judge commented 4 months ago

koolexcrypto removed the grade

c4-judge commented 4 months ago

koolexcrypto marked the issue as duplicate of #68

c4-judge commented 4 months ago

koolexcrypto marked the issue as satisfactory

koolexcrypto commented 4 months ago

Hi @koolexcrypto , Apologies for the comment after pjqa, but I'm not sure what other issue you're referring to. This is the only instance of me submitting the issue.

Sorry, my mistake. You have two issues, mistakenly , I thought they are the same. fixed now.

c4-judge commented 4 months ago

koolexcrypto changed the severity to 3 (High Risk)