code-423n4 / 2024-06-renzo-mitigation-findings


M-09 MitigationConfirmed #14

Open c4-bot-10 opened 5 months ago

c4-bot-10 commented 5 months ago

Lines of code

Vulnerability details

C4 issue

M-09: Deposits will always revert if the amount being deposited is less than the bufferToFill value

Link to issue

Comments

In the initial RestakeManager contract’s deposit function, if the amount deposited is less than bufferToFill, the entire amount is used to fill the withdrawal buffer, leaving zero to deposit. This zero-amount deposit then reverts in the OperatorDelegator contract's deposit function due to a check that reverts on zero deposits.

        if (address(tokenStrategyMapping[token]) == address(0x0) || tokenAmount == 0) {
            revert InvalidZeroInput();
        }

Mitigation

PR: Pull Request 87 - M09FIX

The mitigation adds a check to ensure that only non-zero amounts are approved and deposited to the operator delegator. This change prevents deposits from reverting when the amount is less than bufferToFill.

        //  check if amount needs to be sent to operatorDelegator
        if (_amount > 0) {
            // Approve the tokens to the operator delegator
            _collateralToken.safeApprove(address(operatorDelegator), _amount);

            // Call deposit on the operator delegator
            operatorDelegator.deposit(_collateralToken, _amount);
        }

Test

New test cases have been added to verify that the function correctly handles deposits less than bufferToFill and only approves and deposits non-zero amounts. All tests have passed, confirming the fix.

Contract: RestakeManagerForkTest

Tests:

Conclusion

The addition of the check to ensure that only non-zero amounts are approved and deposited to the operator delegator resolves the issue.
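
The revert and the guard described in the report above, as an added illustration that is not code from the Renzo repository or from the report. It is a stripped-down model in which amounts are plain integers; MockOperatorDelegator, MockRestakeManager, M09Demo, bufferDeficit, bufferFilled, depositUnpatched and depositPatched are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Hypothetical mocks: amounts are plain integers, no ERC20 transfers or approvals.
contract MockOperatorDelegator {
    error InvalidZeroInput();
    uint256 public staked;
    // Same zero-amount rejection as the check quoted in the report.
    function deposit(uint256 tokenAmount) external {
        if (tokenAmount == 0) revert InvalidZeroInput();
        staked += tokenAmount;
    }
}

contract MockRestakeManager {
    MockOperatorDelegator public operatorDelegator = new MockOperatorDelegator();
    uint256 public bufferDeficit; // assumed stand-in for the source of bufferToFill
    uint256 public bufferFilled;
    constructor(uint256 _deficit) { bufferDeficit = _deficit; }
    // Fill the withdrawal buffer first and return what is left to delegate.
    function _fillBuffer(uint256 _amount) internal returns (uint256) {
        uint256 bufferToFill = bufferDeficit;
        uint256 used = _amount < bufferToFill ? _amount : bufferToFill;
        bufferDeficit -= used;
        bufferFilled += used;
        return _amount - used;
    }

    // Before the fix: the remainder is forwarded even when it is zero.
    function depositUnpatched(uint256 _amount) external {
        operatorDelegator.deposit(_fillBuffer(_amount));
    }

    // After the fix: the delegator is only called for a non-zero remainder.
    function depositPatched(uint256 _amount) external {
        uint256 remaining = _fillBuffer(_amount);
        if (remaining > 0) operatorDelegator.deposit(remaining);
    }
}

contract M09Demo {
    function run() external returns (bool unpatchedReverted, uint256 staked, uint256 buffered) {
        MockRestakeManager m = new MockRestakeManager(100);
        try m.depositUnpatched(40) {} catch { unpatchedReverted = true; }
        m.depositPatched(40);  // fully absorbed by the buffer, delegator not called
        m.depositPatched(100); // 60 tops up the buffer, 40 reaches the delegator
        staked = m.operatorDelegator().staked();
        buffered = m.bufferFilled();
    }
}
```

Because the unpatched call reverts as a whole, its buffer accounting is rolled back too, so the following patched deposits start from the full deficit.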

c4-judge commented 5 months ago

alcueca marked the issue as satisfactory

c4-judge commented 5 months ago

alcueca marked the issue as confirmed for report