hats-finance / SeeR-PM-0x899bc13919880db76edf4ccd72bdfa5dfa666fb7


redeemToBase can be skipped because it depends on the balance of the contract #10

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x8f75139dfc279e2f83237377d7da92e837f1a8c37a23f241df58192fff4de6b5
Severity: low

Description:


redeemToBase can be skipped because it depends on the balance of the contract

```solidity
// Router function as posted in the report (comments added for clarity).
function redeemToBase(Market market, uint256[] calldata outcomeIndexes) external {
    // Snapshot the contract's sDAI balance before redeeming.
    uint256 initialBalance = sDAI.balanceOf(address(this));

    // Redeem the caller's outcome positions; sDAI proceeds are credited to this contract.
    _redeemPositions(sDAI, market, outcomeIndexes);

    uint256 finalBalance = sDAI.balanceOf(address(this));

    // Forward only the sDAI gained during this call, converted to xDAI, to the caller.
    if (finalBalance > initialBalance) {
        sDAI.approve(address(savingsXDaiAdapter), finalBalance - initialBalance);
        savingsXDaiAdapter.redeemXDAI(finalBalance - initialBalance, msg.sender);
    }
}
```

Any user can directly front-run and send tokens to the contract, which makes it bigger than the final balance, so the redeem can be skipped.
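To make the scenario checkable, the following is a small Python model of the balance-delta accounting in redeemToBase. It is an added example, not SeeR-PM code: the Ledger class, the names ROUTER and ADAPTER, and the assumption that _redeemPositions simply credits some amount of sDAI to the contract are all constructed for illustration. It computes what the function forwards to the caller when sDAI is transferred to the contract in an earlier transaction (the front-run described above) versus when it is credited during the call itself.

```python
"""Model of redeemToBase's balance-delta accounting (constructed example, not project code)."""

ROUTER = "router"                # the contract running redeemToBase (assumed name)
ADAPTER = "savingsXDaiAdapter"   # stand-in for the adapter address (assumed name)


class Ledger:
    """Toy token ledger: sDAI balances, approvals and xDAI paid out."""

    def __init__(self):
        self.sdai = {ROUTER: 0}
        self.approvals = {}
        self.xdai_paid = {}

    def transfer(self, to, amount):
        self.sdai[to] = self.sdai.get(to, 0) + amount

    def balance_of(self, who):
        return self.sdai.get(who, 0)


def redeem_to_base(ledger, caller, redeemed_during_call, pre_sent=0):
    """Mirror of redeemToBase's control flow.

    pre_sent: sDAI a third party sends to the contract in an earlier transaction
              (the front-run scenario). Assumption: it lands before the snapshot.
    redeemed_during_call: sDAI that _redeemPositions credits to the contract
              (assumed effect of that internal call).
    Returns the amount handed to the adapter for the caller, 0 if skipped.
    """
    ledger.transfer(ROUTER, pre_sent)                  # earlier tx by the front-runner
    initial = ledger.balance_of(ROUTER)                # sDAI.balanceOf(address(this))
    ledger.transfer(ROUTER, redeemed_during_call)      # _redeemPositions(...)
    final = ledger.balance_of(ROUTER)
    if final > initial:
        amount = final - initial
        ledger.approvals[ADAPTER] = amount             # sDAI.approve(adapter, delta)
        ledger.sdai[ROUTER] -= amount                  # redeemXDAI burns the sDAI ...
        ledger.xdai_paid[caller] = ledger.xdai_paid.get(caller, 0) + amount  # ... and pays xDAI
        return amount
    return 0


def scenarios():
    """Run the three cases a reviewer would want to compare."""
    plain = Ledger()
    fronted = Ledger()
    nothing = Ledger()
    return {
        "no_frontrun": redeem_to_base(plain, "alice", 100),
        "frontrun_before_call": redeem_to_base(fronted, "alice", 100, pre_sent=1000),
        "frontrun_no_redeem": redeem_to_base(nothing, "alice", 0, pre_sent=1000),
        "stuck_in_router_after_frontrun": fronted.balance_of(ROUTER),
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

The model only tracks balances; it does not reproduce the Market or outcome-token logic, so it answers one question only: how a transfer made before the call changes finalBalance - initialBalance.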

clesaege commented 1 month ago

I couldn't understand this report. Please provide a clear example (which functions are called and by whom) leading to an issue.