hats-finance / Kintsu-0x7d70f9442af3a9a0a734fa6a1b4857f25518e9d2

Smart contracts for Kintsu

Lack of Input Validation in adjust_incentive #37

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: @neuraldevx

Twitter username: --

Submission hash (on-chain): 0x3e4b46b95d1480290018263cabe261636184107d201e164e1ebbc755d8d9854f

Severity: low

Description

The adjust_incentive function does not validate the new_incentive parameter, which could lead to setting an impractically high incentive.

Attack Scenario

A malicious actor with the role_adjust_fee privilege could set the incentive to an extremely high value, leading to excessive rewards and potential depletion of the contract's funds.

Attachments

  1. Proof of Concept (PoC) File

```rust
#[ink(message)]
pub fn adjust_incentive(&mut self, new_incentive: u16) -> Result<(), VaultError> {
    let caller = Self::env().caller();

    // Only the account holding role_adjust_fee may change the incentive.
    if caller != self.data.role_adjust_fee {
        return Err(VaultError::InvalidPermissions);
    }

    // No range check here: any u16 value is stored as-is.
    self.data.incentive = new_incentive;

    Self::emit_event(
        Self::env(),
        Event::IncentiveAdjusted(IncentiveAdjusted {
            new_incentive,
        }),
    );

    Ok(())
}
```

  2. Revised Code File (Optional)

```rust
#[ink(message)]
pub fn adjust_incentive(&mut self, new_incentive: u16) -> Result<(), VaultError> {
    let caller = Self::env().caller();

    if caller != self.data.role_adjust_fee {
        return Err(VaultError::InvalidPermissions);
    }

    // Validate new incentive is within a reasonable range (e.g., 0 to 1000 basis points)
    if new_incentive > 1000 {
        return Err(VaultError::InvalidIncentive);
    }

    self.data.incentive = new_incentive;

    Self::emit_event(
        Self::env(),
        Event::IncentiveAdjusted(IncentiveAdjusted {
            new_incentive,
        }),
    );

    Ok(())
}
```

Recommendation:

Add validation checks to ensure new_incentive is within a reasonable range.
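
An added example, not part of the submission or the Kintsu code base: a standalone Rust model of a role-gated setter with the proposed bound, next to the payout an unbounded `u16` would permit. The basis-point payout formula, the `u32` caller ids and the `MAX_INCENTIVE_BPS` name are assumptions for illustration; the 1000 cap is the example value from the revised code above.

```rust
// Standalone model for illustration; not the Kintsu vault implementation.
// Assumption: the incentive is a fraction in basis points (10_000 = 100%).
const BPS_DENOMINATOR: u128 = 10_000;
const MAX_INCENTIVE_BPS: u16 = 1_000; // example cap taken from the revised code

#[derive(Debug, PartialEq)]
pub enum VaultError {
    InvalidPermissions,
    InvalidIncentive,
}

pub struct Vault {
    role_adjust_fee: u32, // stand-in for an AccountId
    incentive: u16,
}

impl Vault {
    pub fn new(role_adjust_fee: u32, incentive: u16) -> Self {
        Vault { role_adjust_fee, incentive }
    }

    pub fn adjust_incentive(&mut self, caller: u32, new_incentive: u16) -> Result<(), VaultError> {
        if caller != self.role_adjust_fee {
            return Err(VaultError::InvalidPermissions);
        }
        // Reject out-of-range values before touching state.
        if new_incentive > MAX_INCENTIVE_BPS {
            return Err(VaultError::InvalidIncentive);
        }
        self.incentive = new_incentive;
        Ok(())
    }

    /// Hypothetical payout formula: amount * incentive / 10_000, overflow-checked.
    pub fn incentive_for(&self, amount: u128) -> Option<u128> {
        amount.checked_mul(self.incentive as u128).map(|v| v / BPS_DENOMINATOR)
    }
}

/// Payout under the same formula when the setter accepts any u16.
pub fn unchecked_payout(amount: u128, incentive: u16) -> u128 {
    amount * incentive as u128 / BPS_DENOMINATOR
}

fn main() {
    let mut vault = Vault::new(1, 100);
    println!("bounded setter, u16::MAX: {:?}", vault.adjust_incentive(1, u16::MAX));
    println!("unbounded payout on 1_000_000: {}", unchecked_payout(1_000_000, u16::MAX));
}
```

Under the assumed formula, `u16::MAX` is more than six times the full amount, which is why the type alone is not a sufficient bound.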

0xmahdirostami commented 1 month ago

Thank you for your submission. Check: https://github.com/hats-finance/Kintsu-0x7d70f9442af3a9a0a734fa6a1b4857f25518e9d2/blob/c9bdc853b18c305de832307b91a9bca0f281f71e/src/vault/lib.rs#L664

bgibers commented 1 month ago

The validation is checked, and this will be managed by a governance council.