Closed howlbot-integration[bot] closed 4 months ago
Lines of code
https://github.com/code-423n4/2024-06-badger/blob/9173558ee1ac8a78a7ae0a39b97b50ff0dd9e0f8/ebtc-protocol/packages/contracts/contracts/LeverageMacroBase.sol#L241
Vulnerability details
Impact
If the willSweep variable is set to true, when a user does an action like open CDP, at line 241 the sweepToCaller() function is called.

```solidity
function sweepToCaller() public {
    _assertOwner();
    /**
     * SWEEP TO CALLER
     */
    // Safe unchecked because known tokens
    uint256 ebtcBal = ebtcToken.balanceOf(address(this));
    uint256 collateralBal = stETH.sharesOf(address(this));
    if (ebtcBal > 0) {
        ebtcToken.transfer(msg.sender, ebtcBal);
    }
    if (collateralBal > 0) {
        stETH.transferShares(msg.sender, collateralBal);
    }
}
```

At first it calls the _assertOwner() function.

```solidity
function _assertOwner() internal {
    // Reference will compare to variable,
    require(owner() == msg.sender, "Must be owner");
}
```

It checks that if msg.sender is not the owner, the transaction will revert. So all actions like open CDP and close CDP will revert.
Proof of Concept
Tools Used
manual
Recommended Mitigation Steps
Use the _sweepEbtc() and _sweepStEth() functions instead of the sweepToCaller() function.
Assessed type
Error
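The call path the report describes, as an added minimal Solidity model; this is not eBTC protocol code, and the contract name, the trimmed IERC20Like/IStETHLike interfaces and the two openCdp* entry points are hypothetical, with only sweepToCaller, _assertOwner, _sweepEbtc and _sweepStEth taken from the report:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: a minimal model of the sweep call path, not eBTC protocol code.
// IERC20Like and IStETHLike are hypothetical trimmed token interfaces.
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IStETHLike {
    function sharesOf(address account) external view returns (uint256);
    function transferShares(address to, uint256 shares) external returns (uint256);
}

contract SweepPathModel {
    address public immutable owner;      // assumption: the deployer is the owner
    IERC20Like public immutable ebtcToken;
    IStETHLike public immutable stETH;
    bool public immutable willSweep;

    constructor(IERC20Like _ebtcToken, IStETHLike _stETH, bool _willSweep) {
        owner = msg.sender;
        ebtcToken = _ebtcToken;
        stETH = _stETH;
        willSweep = _willSweep;
    }

    function _assertOwner() internal view {
        require(owner == msg.sender, "Must be owner");
    }

    // External, owner-gated sweep with the shape quoted in the report.
    function sweepToCaller() public {
        _assertOwner();
        _sweepEbtc();
        _sweepStEth();
    }

    // Internal helpers: no owner check; leftover balances go to whoever
    // triggered the current call.
    function _sweepEbtc() internal {
        uint256 ebtcBal = ebtcToken.balanceOf(address(this));
        if (ebtcBal > 0) {
            ebtcToken.transfer(msg.sender, ebtcBal);
        }
    }

    function _sweepStEth() internal {
        uint256 collateralBal = stETH.sharesOf(address(this));
        if (collateralBal > 0) {
            stETH.transferShares(msg.sender, collateralBal);
        }
    }

    // Path A (the report's reading): the user action routes through the
    // owner-gated sweep. With willSweep == true it reverts for every caller
    // except owner.
    function openCdpViaSweepToCaller() external {
        // CDP logic omitted; only the sweep step matters for this model.
        if (willSweep) {
            sweepToCaller();
        }
    }

    // Path B (the suggested mitigation): the user action calls the internal
    // helpers directly, so any caller completes and receives the balances.
    function openCdpViaInternalSweep() external {
        if (willSweep) {
            _sweepEbtc();
            _sweepStEth();
        }
    }
}
```

In a deployment where the account calling the user-facing action is also the contract's owner, the two paths behave identically; they only diverge when owner and msg.sender differ. Establishing who deploys and owns the macro contract is therefore the first check when assessing this report, and it is also what decides whether path B would hand leftover balances to a caller who should not receive them.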
alex-ppg marked the issue as unsatisfactory: Invalid