Open hats-bug-reporter[bot] opened 6 months ago
GitHub username: @ololade97
Twitter username: 97Sabit
Submission hash (on-chain): 0x96043732b96e5885f6613024143e5239cc362f2d68a0f95e28014cfa8e9aebf4
Severity: high

Description: minOut is intended to protect against getting undesired tokens by reverting if outputs are low.
The check if (minOut[it] > tokenAmount) revert ReturnInsufficient() compares minOut to the calculated tokenAmount.
It does not verify if the amount sent to the user is less than the minOut specified and expected by a user.
Attack Scenario: A user can get fewer and undesired tokens than the minOut.
Attachments: https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultVolatile.sol#L486-L556

```solidity
// Ensure the output satisfies the user.
if (minOut[it] > tokenAmount) revert ReturnInsufficient(tokenAmount, minOut[it]);
```
Duplicate