hats-finance / Tokemak-0x4a2d708ea6b0c04186ecb774cfad1e50fb5efc0b


Off-by-one issue in verifyRebalance() #17

Open hats-bug-reporter[bot] opened 5 months ago

hats-bug-reporter[bot] commented 5 months ago

Github username: @kristiyanmaslarov
Twitter username: MaslarovK
Submission hash (on-chain): 0xdaa74e5894e648c8949977b3863df92ac248d34600c2d060cddeb8c694f99ede
Severity: low

Description:

In the verifyRebalance function, there is an if statement which checks if the swap cost has been exceeded:

    if (predictedGainAtOffsetEnd <= convertUintToInt(valueStats.swapCost)) revert SwapCostExceeded();

But the check should be exclusive of the predictedGainAtOffsetEnd as this is the limit and the cost would be exceeded after it.

Attack Scenario: Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

  3. To mitigate this issue please change the code as follows:

    if (predictedGainAtOffsetEnd < convertUintToInt(valueStats.swapCost)) revert SwapCostExceeded();

codenutt commented 5 months ago

When the predicted gain and the cost are the same, there is no incremental value gain on this trade; we have no reason to do it. This is why it is <=.