search

code-423n4 / 2024-05-bakerfi-findings

4 stars 4 forks source link

Vault can be halted by malicious actor #23

Closed c4-bot-6 closed 5 months ago

c4-bot-6 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/Vault.sol#L203-L209

Vulnerability details

Proof of Concept

Vault.deposit function checks that both total.elastic && total.base are 0 or non 0, otherwise it reverts. https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/Vault.sol#L203-L209

        Rebase memory total = Rebase(_totalAssets(maxPriceAge), totalSupply());
        if (
            // Or the Rebase is unititialized
            !((total.elastic == 0 && total.base == 0) ||
                // Or Both are positive
                (total.base > 0 && total.elastic > 0))
        ) revert InvalidAssetsState();

Attacker can send some aave collateral to the contract, just to make _totalAssets(maxPriceAge) to not be 0, before any shares where minted. As result no one will be able to deposit.

Impact

Attacker can stop Vault from working.

Tools Used

VsCode

Recommended Mitigation Steps

I am not sure that check is needed.

Assessed type

Error

c4-judge commented 5 months ago

0xleastwood marked the issue as duplicate of #37

c4-judge commented 5 months ago

0xleastwood marked the issue as satisfactory