Closed c4-bot-9 closed 2 months ago
Provisionally marking as satisfactory
3docSec marked the issue as satisfactory
3docSec marked the issue as selected for report
Fee is already deducted above: https://github.com/code-423n4/2024-06-krystal-defi/blob/f65b381b258290653fa638019a5a134c4ef90ba8/src/V3Automation.sol#L101
3docSec marked the issue as unsatisfactory: Invalid
Invalid as per sponsor comment
Lines of code
https://github.com/code-423n4/2024-06-krystal-defi/blob/f65b381b258290653fa638019a5a134c4ef90ba8/src/V3Automation.sol#L117-L129
Vulnerability details
Proof of Concept
Take a look at https://github.com/code-423n4/2024-06-krystal-defi/blob/f65b381b258290653fa638019a5a134c4ef90ba8/src/V3Automation.sol#L117-L129
This is the internal execute function that gets always gets queried in the
V3Automation
, and in the case where the action isAUTO_ADJUST
the_swapAndMint()
gets called, issue however is that all three instances hardcode the protocol fee as0
, regardless of what has been stored inparams.protocolFeeX64
, now see the implementation of theSwapAndMintParams
struct here, evidently, there is a need to attach the rightprotocolFeeX64
, see https://github.com/code-423n4/2024-06-krystal-defi/blob/f65b381b258290653fa638019a5a134c4ef90ba8/src/Common.sol#L151-L152But since this has been hardcoded to
0
and from this snippet in _execute() we can see that is this protocol fee == 0, which would then lead to swap and minting to be done in the wrong pretense considering the wrong (no) fee is attachedImpact
Protocol erroneously hardcodes the protocol fee as
0
for all instances of swapping and minting for theAUTO_ADJUST
action in V3Automation, whereas this value could indeed be > 0.Recommended Mitigation Steps
Consider applying the correct protocol fee when querying
_swapAndMint()
for theAUTO_ADJUST
action.Assessed type
Context