Closed rcstanciu closed 1 year ago
8olidity
medium
MaxBorrowMarketIndex does not limit borrowAndEnterVault() DOS
poc
UpdateVault () updates the vaultConfig file
Set maxBorrowMarketIndex to a small value
When a user calls borrowAndEnterVault() it will run to checkValidMaturity()
Require (marketIndex <= maxBorrowMarketIndex, "Invalid Maturity"); The judgment may fail, causing the function to fail
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L27
// contracts-v2/contracts/external/actions/VaultAction.sol function updateVault( address vaultAddress, VaultConfigStorage calldata vaultConfig, uint80 maxPrimaryBorrowCapacity ) external override onlyOwner { VaultConfiguration.setVaultConfig(vaultAddress, vaultConfig); VaultConfiguration.setMaxBorrowCapacity(vaultAddress, vaultConfig.borrowCurrencyId, maxPrimaryBorrowCapacity); bool enabled = (vaultConfig.flags & VaultConfiguration.ENABLED) == VaultConfiguration.ENABLED; emit VaultUpdated(vaultAddress, enabled, maxPrimaryBorrowCapacity); } // contracts-v2/contracts/internal/vaults/VaultAccount.sol function borrowAndEnterVault( VaultAccount memory vaultAccount, VaultConfig memory vaultConfig, uint256 maturity, uint256 fCashToBorrow, uint32 maxBorrowRate, bytes calldata vaultData, uint256 strategyTokenDeposit, uint256 additionalUnderlyingExternal ) internal returns (uint256 strategyTokensAdded) { ...... VaultConfiguration.checkValidMaturity( vaultConfig.borrowCurrencyId, maturity, vaultConfig.maxBorrowMarketIndex, block.timestamp ); // contracts-v2/contracts/internal/vaults/VaultConfiguration.sol function checkValidMaturity( uint16 currencyId, uint256 maturity, uint256 maxBorrowMarketIndex, uint256 blockTime ) internal view returns (uint256 marketIndex) { bool isIdiosyncratic; uint8 maxMarketIndex = CashGroup.getMaxMarketIndex(currencyId); (marketIndex, isIdiosyncratic) = DateTime.getMarketIndex(maxMarketIndex, maturity, blockTime); require(marketIndex <= maxBorrowMarketIndex, "Invalid Maturity"); require(!isIdiosyncratic, "Invalid Maturity"); }
vscode Manual Review
check maxBorrowMarketIndex
8olidity
medium
MaxBorrowMarketIndex does not limit borrowAndEnterVault() DOS
Summary
MaxBorrowMarketIndex does not limit borrowAndEnterVault() DOS
Vulnerability Detail
poc
UpdateVault () updates the vaultConfig file
Set maxBorrowMarketIndex to a small value
When a user calls borrowAndEnterVault() it will run to checkValidMaturity()
Require (marketIndex <= maxBorrowMarketIndex, "Invalid Maturity"); The judgment may fail, causing the function to fail
Impact
MaxBorrowMarketIndex does not limit borrowAndEnterVault() DOS
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L27
Tool used
vscode Manual Review
Recommendation
check maxBorrowMarketIndex