Open hats-bug-reporter[bot] opened 3 months ago
Thank you for submitting the issue. We've resolved it and pushed the changes, which can be found here: https://github.com/Velvet-Capital/velvet-core/commit/25ef3e7a2bdf56f57901dba2f84ebf5ed5df7835
@burhankhaja
Github username: @burhankhaja
Twitter username: imaybeghost
Submission hash (on-chain): 0xa368a2695345cddf028cc558ffd6ecaa8b47ffc01f0730da1db9025449108b83
Severity: low
Description:

Velvet protocol uses two types of `_currentSnapshotId()`, both with different purposes:

Note that the `_currentSnapshotId` of TokenExclusiveManager is properly updated and is used to track the snapshot id.

But on the other hand, vaultConfig's `_currentSnapshotId` is intended to be tracking the number of token updates by the Rebalancing contract.

However, it is neither initialized nor is it updated anywhere across the whole protocol.
Recommendation

Increment `_currentSnapshotId` in updateTokenList(address[]) and initToken(address[])

similarly for initToken()
Attack Scenario

It is just the logic flaw, where the business function of vaultConfig's `_currentSnapshotId` is affected, as a result the protocol can't track the token update versioning.

Attachments

Proof of Concept (PoC) File
Revised Code File (Optional)
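
The class of flaw reported above (a state variable that is declared and read but never written) can be caught mechanically before deployment. The following is an added example, not code from the report or from the Velvet repository: a regex heuristic, not a Solidity parser, run over a constructed contract sketch. The contract `VaultConfigSketch` and the helper names `is_written` and `never_written_state_vars` are assumptions made for illustration.

```python
import re

# Constructed sketch of the finding, NOT the Velvet source: the counter is
# declared and read, but neither token-list function ever writes it.
BEFORE = """
contract VaultConfigSketch {
    uint256 internal _currentSnapshotId;
    address[] internal tokens;
    function initToken(address[] calldata t) external { tokens = t; }
    function updateTokenList(address[] calldata t) external { tokens = t; }
    function snapshotId() external view returns (uint256) {
        return _currentSnapshotId;
    }
}
"""
# The recommended fix: bump the counter wherever the token list changes.
AFTER = BEFORE.replace("tokens = t;", "tokens = t; _currentSnapshotId++;")

# State variable declared without an initializer, e.g. `uint256 internal x;`
DECL = re.compile(
    r"^\s*[\w.\[\]]+(?:\s*\(.*\))?\s+(?:(?:public|private|internal)\s+)*(\w+)\s*;"
)

def is_written(name, code):
    """True if `name` is assigned, incremented, deleted, pushed or popped."""
    n = re.escape(name)
    return re.search(
        rf"(?:\+\+|--|\bdelete\s+)\s*{n}\b"
        rf"|\b{n}\b\s*(?:\[[^\]]*\]\s*)*(?:\.\w+\s*)*"
        rf"(?:[-+*/%|&^]?=(?![=>])|\+\+|--|\.push\b|\.pop\b)",
        code,
    ) is not None

def never_written_state_vars(source):
    """Names of contract-level variables that no statement ever writes."""
    code = re.sub(r"//.*", "", source)  # drop line comments (heuristic)
    depth, declared = 0, []
    for line in code.splitlines():
        if depth == 1:  # directly inside `contract { ... }`
            m = DECL.match(line)
            if m:
                declared.append(m.group(1))
        depth += line.count("{") - line.count("}")
    return [v for v in declared if not is_written(v, code)]

if __name__ == "__main__":
    print("before fix:", never_written_state_vars(BEFORE))
    print("after fix: ", never_written_state_vars(AFTER))
```

The heuristic does not handle block comments, inheritance or writes made through assembly, so a hit is a prompt for manual review and not a verdict.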