search

code-423n4 / 2024-08-wildcat-findings

3 stars 1 forks source link

An incorrect value of state.isDelinquent might impact the functionality of hook operations. #21

Closed c4-bot-8 closed 2 months ago

c4-bot-8 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarketBase.sol#L542

Vulnerability details

Impact

By using an incorrect value for state.isDelinquent, hook operations may produce unexpected outcomes.

Proof of Concept

As market operations occur, we can generally assume they follow these steps:

  1. _getUpdatedState(): This step updates the scale factor and fees, processes withdrawal batches, and other preliminary tasks.
  2. Actions: Includes operations like depositing or claiming assets.
  3. Hooks: Invokes the corresponding hook functions of a hook instance.
  4. _writeState(): Finally updates state.isDelinquent and saves it to storage.

As outlined, state.isDelinquent isn't updated until _writeState is executed, yet it is referenced during steps 1-3. Throughout the codebase, we ensure that steps 1-3 do not rely on the state.isDelinquent value in a way that would lead to incorrect operations.

However, since hook templates are dynamically added by the protocol and markets will use them for extended hook monitoring, it is imperative to pass the correct value to hook functions that accurately reflects the current state.

Tools Used

Manual Review

Recommended Mitigation Steps

Update state.isDelinquent in _getUpdatedState function:

  function _getUpdatedState() internal returns (MarketState memory state) {
    state = _state;
+   bool isDelinquent = state.liquidityRequired() > totalAssets();
+   state.isDelinquent = isDelinquent;
    ...
  }

Assessed type

Error

c4-judge commented 1 month ago

3docSec marked the issue as unsatisfactory: Invalid