Closed c4-bot-10 closed 4 months ago
JustDravee marked the issue as duplicate of #489
JustDravee marked the issue as sufficient quality report
koolexcrypto marked the issue as unsatisfactory: Invalid
koolexcrypto marked the issue as unsatisfactory: Invalid
koolexcrypto marked the issue as nullified
koolexcrypto marked the issue as not nullified
koolexcrypto marked the issue as duplicate of #1001
koolexcrypto marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L119-L131
Vulnerability details
Impact
The deposit() function is publicly accessible, allowing any user to deposit funds on behalf of another id. However, the protocol includes an additional layer of security that prevents an id from depositing and withdrawing in the same block, tracked in the idToBlockOfLastDeposit mapping. Because that mapping is keyed on the id rather than on the depositor, an attacker can monitor a victim's activity and deposit a small amount on the victim's behalf in the same block, thereby causing the victim's withdrawal to revert. This could be financially motivated if the victim is close to being liquidated and wants to close their positions.
Proof of Concept
https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L119-L131
Tools Used
Manual Analysis
Recommended Mitigation Steps
Multiple fixes could be implemented:
Proposal 1: Restrict the protocol so users can deposit only for themselves.
Proposal 2: Make the mapping track the deposits of msg.sender and not the id.
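To make the issue and the first proposed fix concrete, below is an added, simplified sketch written for this report; it is not the DYAD VaultManagerV2 code. Only deposit(), withdraw() and idToBlockOfLastDeposit come from the finding; the contract names, ownerOf, balanceOf and the error types are assumed placeholders. The first contract shows the griefable pattern (a third party can refresh the id's last-deposit block), the second applies proposal 1 so that only the id's owner can touch the guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch of the vulnerable pattern (not the DYAD code).
/// deposit() is open to anyone and the same-block guard is keyed on the id,
/// so any caller can set idToBlockOfLastDeposit[id] to the current block and
/// make the owner's withdraw() revert in that block.
contract VaultManagerSketchVulnerable {
    mapping(uint256 => address) public ownerOf;   // assumed: id -> owner
    mapping(uint256 => uint256) public balanceOf; // assumed: id -> deposited amount
    mapping(uint256 => uint256) public idToBlockOfLastDeposit;

    error NotOwner();
    error SameBlockWithdraw();

    constructor(uint256 id, address owner) {
        ownerOf[id] = owner; // assumed: minimal setup for the sketch
    }

    function deposit(uint256 id, uint256 amount) external {
        // No ownership check: a deposit by anyone refreshes the id's guard.
        idToBlockOfLastDeposit[id] = block.number;
        balanceOf[id] += amount;
    }

    function withdraw(uint256 id, uint256 amount) external {
        if (ownerOf[id] != msg.sender) revert NotOwner();
        // Guard keyed on id: a third party's deposit in this block blocks the owner.
        if (idToBlockOfLastDeposit[id] == block.number) revert SameBlockWithdraw();
        balanceOf[id] -= amount;
    }
}

/// Hardened sketch applying proposal 1: only the id's owner may deposit for it,
/// so only the owner's own deposits can delay the owner's withdrawal.
contract VaultManagerSketchFixed {
    mapping(uint256 => address) public ownerOf;   // assumed: id -> owner
    mapping(uint256 => uint256) public balanceOf; // assumed: id -> deposited amount
    mapping(uint256 => uint256) public idToBlockOfLastDeposit;

    error NotOwner();
    error SameBlockWithdraw();

    constructor(uint256 id, address owner) {
        ownerOf[id] = owner; // assumed: minimal setup for the sketch
    }

    modifier onlyIdOwner(uint256 id) {
        if (ownerOf[id] != msg.sender) revert NotOwner();
        _;
    }

    function deposit(uint256 id, uint256 amount) external onlyIdOwner(id) {
        // Ownership check added: a third party can no longer refresh the guard.
        idToBlockOfLastDeposit[id] = block.number;
        balanceOf[id] += amount;
    }

    function withdraw(uint256 id, uint256 amount) external onlyIdOwner(id) {
        // The same-block guard is unchanged, but now only the owner can trigger it.
        if (idToBlockOfLastDeposit[id] == block.number) revert SameBlockWithdraw();
        balanceOf[id] -= amount;
    }
}
```

Proposal 1 is shown here because it keeps the original guard semantics intact: the deposit-then-withdraw-in-one-block protection still applies to the id, but the mapping can only be written by the id's owner. Proposal 2 (keying the guard on msg.sender) also removes the third-party griefing vector, but note that a deposit sent from a different address controlled by the same party would then no longer count against the owner's withdrawal, so the two proposals are best evaluated together rather than as interchangeable fixes.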
Assessed type
DoS