code-423n4 / 2024-04-panoptic-findings


There is no msg.value check while making deposit. #529

Closed c4-bot-9 closed 4 months ago

c4-bot-9 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/CollateralTracker.sol#L417-L429

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/libraries/SafeTransferLib.sol#L21-L46

Vulnerability details

Summary

The SafeTransferLib.safeTransferFrom does not check if the actual value being sent with the transaction is the specified amount.

Detailed Description

The SafeTransferLib makes a low-level call to send a transaction, but there is no check to ascertain the value sent is equal to the actual amount.

Impact:

This could lead to loss of funds.

Proof of Code

Run the following test in the project's test suite using the same setup to validate the bug:

    function deposit(uint256 assets, address receiver) external returns (uint256 shares) {
        if (assets > type(uint104).max) revert Errors.DepositTooLarge();

        shares = previewDeposit(assets);

        // @audit-issue there is no msg.value check
        SafeTransferLib.safeTransferFrom(
            s_underlyingToken,
            msg.sender,
            address(s_panopticPool),
            assets
        );

        _mint(receiver, shares);

        // update tracked asset balance
        unchecked {
            s_poolAssets += uint128(assets);
        }

        emit Deposit(msg.sender, receiver, assets, shares);
    }

Tool used:

Manual Review

Recommended Mitigation:

The protocol should add a check in order to make sure only the specified amount of deposit actually gets deposited.

Assessed type

Token-Transfer
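
One way to express the recommended "only the specified amount gets deposited" check for an ERC-20 pull, as an added example that is not part of the submission or of Panoptic's code. The interface `IERC20Minimal`, the contract `CheckedDepositExample` and its errors are hypothetical names, and the token is assumed to return `bool` from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal ERC-20 surface needed here (assumed interface, not Panoptic's).
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical vault, for illustration only.
contract CheckedDepositExample {
    IERC20Minimal public immutable token;
    address public immutable pool;
    uint256 public trackedAssets;

    error TransferFailed();
    error ReceivedAmountMismatch(uint256 expected, uint256 received);

    constructor(IERC20Minimal token_, address pool_) {
        token = token_;
        pool = pool_;
    }

    // Like the deposit() quoted above, this function is not `payable`:
    // Solidity reverts any call to it that carries ETH, so msg.value is
    // always 0 here and the amount is defined by `assets` alone.
    function deposit(uint256 assets) external {
        uint256 balanceBefore = token.balanceOf(pool);

        // Pull ERC-20 tokens from the caller; no ETH moves in this call.
        if (!token.transferFrom(msg.sender, pool, assets)) revert TransferFailed();

        // Compare what the pool actually received with the requested amount.
        uint256 received = token.balanceOf(pool) - balanceBefore;
        if (received != assets) revert ReceivedAmountMismatch(assets, received);

        // Update internal accounting only after the amounts match.
        trackedAssets += assets;
    }
}
```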

c4-judge commented 4 months ago

Picodes marked the issue as unsatisfactory: Invalid