search

sherlock-audit / 2022-09-notional-judging

4 stars 2 forks source link

csanuragjain - Attacker can make settleVaultNormal unavailable by increasing cooldown period #105

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

csanuragjain

medium

Attacker can make settleVaultNormal unavailable by increasing cooldown period

Summary

Attacker can increase the cooldown period in such a way that settleVaultNormal is never available and users would need to resort to post maturity settlement

Vulnerability Detail

  1. Attacker call settleVaultNormal (could keep 0 strategyTokensToRedeem)
  2. This extends lastSettlementTimestamp to current block timestamp
context.baseStrategy.vaultState.lastSettlementTimestamp = uint32(block.timestamp);
  1. Now user wont be able to settle vault normally till cooldown period is reached
SettlementUtils._validateCoolDown(
            context.baseStrategy.vaultState.lastSettlementTimestamp,
            context.baseStrategy.vaultSettings.settlementCoolDownInMinutes
        );
  1. Once cooldown period is over, Attacker immediately again repeat previous step 1-3 making this function completely unavailable for normal users

Impact

Users wont be able to settle vault normally and will be forced to wait till maturity in order to use post maturity settlement

Code Snippet

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/MetaStable2TokenAuraVault.sol#L128 https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/vaults/Boosted3TokenAuraVault.sol#L123

Tool used

Manual Review

Recommendation

lastSettlementTimestamp should be user specific which will make the cooldown period also tied to user thus solving this issue

jeffywu commented 1 year ago

I don't think this is a duplicate of #84 since it refers to a different contract.

I would consider this low severity, it's not clear why someone would do this and burn gas to do so.