hats-finance / Tokemak-0x4a2d708ea6b0c04186ecb774cfad1e50fb5efc0b


`rebalanceSuccessfullyExecuted()` does not validate input `params`. #24

Open hats-bug-reporter[bot] opened 5 months ago

hats-bug-reporter[bot] commented 5 months ago

Github username: @jraynaldi3
Twitter username: JuliusRaynaldi
Submission hash (on-chain): 0x451906e374004efc3d816237dd6c74d84ec3038d4f5f9f55fb234399de4a7698
Severity: medium

Description:

`rebalanceSuccessfullyExecuted()` does not perform sufficient validation checks on its input variables. This lack of input validation introduces a high vulnerability, potentially exposing the contract to various security risks.

Unvalidated input includes:

Attachments

1. Proof of Concept (PoC) File

Missing input variable validation in the code below:


```solidity
    /// @inheritdoc ILMPStrategy
    function rebalanceSuccessfullyExecuted(IStrategy.RebalanceParams memory params) external onlyLMPVault {
        ...
    }
```

code link

`rebalanceSuccessfullyExecuted` is a function that can alter the storage state, so it is recommended to give the input parameter proper validation.

2. Revised Code File (Optional)

Add validation to the `rebalanceSuccessfullyExecuted` function by calling `validateRebalanceParams(params)` before anything else inside the function:


```diff
     /// @inheritdoc ILMPStrategy
     function rebalanceSuccessfullyExecuted(IStrategy.RebalanceParams memory params) external onlyLMPVault {
+        validateRebalanceParams(params);
         ...
     }
```

codenutt commented 5 months ago

As per the documentation provided in the audit, the "Call Flow to the Strategy" section, `rebalanceSuccessfullyExecuted` only occurs after `verifyRebalance()` is called. `validateRebalanceParams` is called there and will revert if necessary.