hats-finance / Possum-Labs--Portals--0xed8965d49b8aeca763447d56e6da7f4e0506b2d3

GNU General Public License v2.0

Can inflate portalEnergy #44

Open hats-bug-reporter[bot] opened 1 year ago

hats-bug-reporter[bot] commented 1 year ago

Github username: @@ethanbennett
Twitter username: @thre3th
Submission hash (on-chain): 0xd18e8a8ec7a8368f738561d9d40347a4119fc0654b0d457cdf66cb478c06ebea
Severity: high

Description:

Description\
Description forthcoming

Attack Scenario\
Description forthcoming

Attachments

  1. Proof of Concept (PoC) File https://gist.github.com/ethanbennett/0b2c8e85089b89588eeebfc602cf0763

  2. Revised Code File (Optional)

ethanbennett commented 1 year ago

Apologies for the disjointed report, but I was unable to submit my descriptions initially.

Due to rounding errors in the calculation of portalEnergy when a user unstakes, it is possible to unstake funds without the portal deducting the proper amount of portalEnergy. This can be exploited as seen in the above PoC, where an attacker can use just 40 principal tokens to inflate their portalEnergy to 80, and then confirms that it has all the principal tokens and 80 portal energy tokens at the end of the transaction.

I will fill in further details, but I wanted to get a serviceable description up as soon as I could after submitting.

Edit: I resubmitted as a full report just in case this was invalid for receiving awards. Sorry to spam the issues!