Improper Validation in the `BuyCreditMarket::validateBuyCreditMarket` Function Causes Incorrect Reverts When `params.exactAmountIn` is True resulting in an invariant break #119
The BuyCreditMarket::validateBuyCreditMarket function validates the params. amount to be more than the minimumCreditBorrowAToken (which according to the deploy script, it's 50 usdc or 5 usdc). Still, the function doesn't check that the amount is cash or credit.
in most cases, the cash is less than the credit and if any user wants to buy credit and sets the params.exactAmountIn to true then the function should not check the amount with the minimum credit cause the amount is cash, not credit and it will revert which should not.
The function could revert incorrectly, preventing users from executing valid transactions and could disrupt normal functionality.
As a result, an invariant of the system breaks:
REVERTS: Actions behave as expected under dependency reverts
@note Similarly, the SellCreditMarket::validateSellCreditMarket reverts under the same conditions
Lines of code
https://github.com/code-423n4/2024-06-size/blob/8850e25fb088898e9cf86f9be1c401ad155bea86/src/libraries/actions/BuyCreditMarket.sol#L91 https://github.com/code-423n4/2024-06-size/blob/8850e25fb088898e9cf86f9be1c401ad155bea86/src/libraries/actions/SellCreditMarket.sol#L93
Vulnerability details
Impact
The
BuyCreditMarket::validateBuyCreditMarket
function validates theparams. amount
to be more than theminimumCreditBorrowAToken
(which according to the deploy script, it's 50 usdc or 5 usdc). Still, the function doesn't check that theamount
is cash or credit. in most cases, the cash is less than the credit and if any user wants to buy credit and sets theparams.exactAmountIn
to true then the function should not check theamount
with the minimum credit cause theamount
is cash, not credit and it will revert which should not. The function could revert incorrectly, preventing users from executing valid transactions and could disrupt normal functionality. As a result, an invariant of the system breaks: REVERTS: Actions behave as expected under dependency reverts@note Similarly, the
SellCreditMarket::validateSellCreditMarket
reverts under the same conditionsProof of Concept
put this test into the
BuyCreditMarket.t.sol
:Tools Used
manual review
Recommended Mitigation Steps
make sure that the
amount
is the credit and if it's cash, consider the correct situationAssessed type
Invalid Validation