code-423n4 / 2024-04-dyad-findings


Denial of Service in Minting, Burning, and Redeeming DYAD in vaultManagerV2 #421

Closed c4-bot-1 closed 6 months ago

c4-bot-1 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/cd48c684a58158de444b24854ffd8f07d046c31b/script/deploy/DeployBase.s.sol#L45-L50

Vulnerability details

Summary

The VaultManagerV2, a central contract in the protocol, is designed to manage the deposit of collateral into vaults and facilitate the minting and burning of DYAD. However, due to an oversight in the deployment process, the contract is not properly registered with vaultManagerLicenser, which is required for it to interact with the DYAD token. This misconfiguration prevents VaultManagerV2 from performing critical functions, effectively paralyzing the protocol upon deployment.

Vulnerability Detail

The deployment process, outlined in DeployV2, assumes the use of an existing DYAD contract deployed on the mainnet without redeploying it. The script sets up a new UnboundedKerosineVault with the existing DYAD token:

UnboundedKerosineVault unboundedKerosineVault = new UnboundedKerosineVault(
  vaultManager,
  Kerosine(MAINNET_KEROSENE),
  Dyad(MAINNET_DYAD),
  kerosineManager
);

The DYAD contract, originally deployed via DeployBase, includes a licenser to regulate which vault managers can interact with it:

Dyad dyad = new Dyad(vaultManagerLicenser);

However, the DeployV2 script fails to add the newly deployed VaultManagerV2 to the vaultManagerLicenser. Consequently, any attempts by VaultManagerV2 to interact with DYAD will trigger a revert due to the following licenser check:

Impact

Without proper licensing, VaultManagerV2 cannot execute its functions to mint, burn, or redeem DYAD, resulting in a complete denial of service (DoS) across the protocol's core functionalities. Although this issue can be rectified post-deployment by adding VaultManagerV2 to the vaultManagerLicenser, the contract is in scope and any bugs in it should be considered high impact.

Tools Used

Manual Review

Recommended Mitigation Steps

Ensure that the VaultManagerV2 is added to the vaultManagerLicenser as part of the deployment process to enable seamless integration and functionality of the DYAD token interactions from the outset. This step should be included in the deployment script to prevent operational disruptions.

Assessed type

Access Control
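The licenser pattern the report describes, as an added illustration that is not DYAD's own code and not part of the original report: a token whose mint and burn are gated on a licenser registry, a vault manager that calls into it, and a deployment sequence shown once without and once with the registration step. The contract names (Licenser, LicensedToken, VaultManager, DeployExample), the `isLicensed` mapping and the `add`/`remove` functions are hypothetical stand-ins chosen for this example; the real DYAD contracts may use different names and signatures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the DYAD code base. All names below are hypothetical.

// Registry of vault managers allowed to mint/burn the token.
contract Licenser {
    address public immutable owner;
    mapping(address => bool) public isLicensed;

    error NotOwner();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function add(address vaultManager) external onlyOwner { isLicensed[vaultManager] = true; }
    function remove(address vaultManager) external onlyOwner { isLicensed[vaultManager] = false; }
}

// Token that only accepts mint/burn calls from licensed vault managers.
contract LicensedToken {
    Licenser public immutable licenser;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    error NotLicensed(address caller);

    constructor(Licenser _licenser) { licenser = _licenser; }

    // The kind of check the report refers to: a caller missing from the
    // registry is rejected, so an unregistered manager cannot mint or burn.
    modifier onlyLicensedVaultManager() {
        if (!licenser.isLicensed(msg.sender)) revert NotLicensed(msg.sender);
        _;
    }

    function mint(address to, uint256 amount) external onlyLicensedVaultManager {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function burn(address from, uint256 amount) external onlyLicensedVaultManager {
        balanceOf[from] -= amount;
        totalSupply -= amount;
    }
}

// Minimal vault manager: every user-facing mint/burn ends in a token call.
contract VaultManager {
    LicensedToken public immutable token;

    constructor(LicensedToken _token) { token = _token; }

    function mintFor(address user, uint256 amount) external { token.mint(user, amount); }
    function burnFor(address user, uint256 amount) external { token.burn(user, amount); }
}

// Deployment sequence written as a contract so it compiles stand-alone;
// a Foundry script would make the same calls from run().
contract DeployExample {
    Licenser public licenser;
    LicensedToken public token;
    VaultManager public managerV1;
    VaultManager public managerV2;

    // Base deployment: licenser, token, first manager, and its registration.
    function deployBase() external {
        licenser = new Licenser();
        token = new LicensedToken(licenser);
        managerV1 = new VaultManager(token);
        licenser.add(address(managerV1));
    }

    // Upgrade that reuses the live token but skips registration:
    // managerV2.mintFor(...) and burnFor(...) revert with NotLicensed.
    function deployV2WithoutLicense() external {
        managerV2 = new VaultManager(token);
    }

    // Upgrade with the registration step and a post-deploy check that
    // fails the deployment instead of shipping an unusable manager.
    function deployV2WithLicense() external {
        managerV2 = new VaultManager(token);
        licenser.add(address(managerV2));
        require(licenser.isLicensed(address(managerV2)), "manager not licensed");
    }
}
```

The `require` at the end of `deployV2WithLicense` is the check a deployer would want in the script itself: it turns a forgotten or failed registration into a reverted deployment rather than a silent misconfiguration discovered on the first user call.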

c4-pre-sort commented 6 months ago

JustDravee marked the issue as duplicate of #70

c4-pre-sort commented 6 months ago

JustDravee marked the issue as sufficient quality report

c4-judge commented 6 months ago

koolexcrypto marked the issue as satisfactory

c4-judge commented 6 months ago

koolexcrypto marked the issue as not a duplicate

c4-judge commented 6 months ago

koolexcrypto marked the issue as unsatisfactory: Invalid