code-423n4 / 2024-08-wildcat-findings


`WildcatMarketWithdrawals.sol::executeWithdrawals` function does not have a validation check that sufficient balance is there to repay all the addresses in the queue #105

Closed howlbot-integration[bot] closed 1 month ago

howlbot-integration[bot] commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/market/WildcatMarketWithdrawals.sol#L217

Vulnerability details

Impact

This will revert unexpectedly and the user won't be able to withdraw funds. It also doesn't allow other queued addresses to withdraw funds, whether or not the pool has enough to fulfill their withdrawal requests.

Proof of Concept

The function below will revert with an under/overflow error if there is less than the required amount to fulfill the request.

```solidity
function test_executeWithdrawalsWithOutCheckingTotalLiquidityAvailable() external {
    // Disable interest so balances stay exactly at the deposited amounts.
    parameters.annualInterestBips = 0;
    setUp();
    _deposit(alice, 1e18);
    _deposit(bob, 1e18);

    // Two withdrawal batches with distinct expiries.
    uint32 expiry1 = uint32(block.timestamp + parameters.withdrawalBatchDuration);
    uint32 expiry2 = uint32(expiry1 + parameters.withdrawalBatchDuration + 1);
    _prepareBatch(0.6e18, 0.5e18, true);
    _prepareBatch(0.5e18, 0.6e18, true);
    _checkBatch(expiry1, 1e18, 1e18, 1e18);
    _checkBatch(expiry2, 1e18, 1e18, 1e18);

    // Each account appears once per batch: (alice, bob) x (expiry1, expiry2).
    address[] memory accounts = new address[](4);
    accounts[0] = alice;
    accounts[1] = bob;
    accounts[2] = alice;
    accounts[3] = bob;
    uint32[] memory expiries = new uint32[](4);
    expiries[0] = expiry1;
    expiries[1] = expiry1;
    expiries[2] = expiry2;
    expiries[3] = expiry2;

    // Track the expected state changes in the test harness, then execute on the market.
    MarketState memory state = pendingState();
    _trackExecuteWithdrawal(state, expiry1, alice);
    _trackExecuteWithdrawal(state, expiry1, bob);
    _trackExecuteWithdrawal(state, expiry2, alice);
    _trackExecuteWithdrawal(state, expiry2, bob);
    market.executeWithdrawals(accounts, expiries);
}
```

Tools Used

Manual review

Recommended Mitigation Steps

Add checks for the total amount of liquidity and for which requests it can fulfill.

Assessed type

Under/Overflow

3docSec commented 1 month ago

I don't see a relation with #64. There is no mention of markets closed, small withdrawals, rounding, ...

Also, the provided PoC does not highlight the issue because it panics for underflow in the test code, not in the executeWithdrawal call.

c4-judge commented 1 month ago

3docSec marked the issue as not a duplicate

c4-judge commented 1 month ago

3docSec marked the issue as unsatisfactory: Insufficient proof