code-423n4 / 2024-07-reserve-validation

Loop iterates over wrong ERC length array for backup tokens in BasketHandler.sol #177

Closed c4-bot-4 closed 1 month ago

c4-bot-4 commented 1 month ago

Lines of code

https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/BasketHandler.sol#L296

Vulnerability details

Backup collaterals are used in the contract to ensure that the basket (or pool) of assets remains balanced and meets predefined target weights even if some primary assets are unavailable or unsuitable. In BasketLib.sol, when adding the backup ERCs, the loop iterates over the backup.erc20s.length array to add the given ERC to the backup. However, the problem is in BasketHandler.sol: when setting up the backup config, the loop iterates over the erc20s.length array instead of backup.erc20s.length.

The right loop: https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/mixins/BasketLib.sol#L252

The problematic loop: https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/BasketHandler.sol#L296

Impact

Wrong backup ERC tokens will be added, which can lead to other issues for the protocol. If invalid tokens are added, they can disrupt the backup process. They may not be usable when the system needs them, leading to failures in the backup strategy and possibly leaving the system vulnerable if primary tokens fail.

Mitigation

Iterate over backup.erc20s.length instead of erc20s.length.

Assessed type

Loop