setDeltaAllocationsInt() in the blacklist revert will cause the other also can not set
Summary
one protocol in the blacklist revert will cause the other also can not to be set
Vulnerability Detail
in setDeltaAllocationsInt() if _protocolNum in blacklist will revert
The code is as follows:
function setDeltaAllocationsInt(uint256 _protocolNum, int256 _allocation) internal {
require(!controller.getProtocolBlacklist(vaultNumber, _protocolNum), "Protocol on blacklist"); //<----revert if in blacklist
deltaAllocations[_protocolNum] += _allocation;
deltaAllocatedTokens += _allocation;
}
function receiveProtocolAllocationsInt(int256[] memory _deltas) internal {
for (uint i = 0; i < _deltas.length; i++) {
int256 allocation = _deltas[i];
if (allocation == 0) continue;
setDeltaAllocationsInt(i, allocation); //<----one in blacklist all will revert
}
deltaAllocationsReceived = true;
}
If one of them is on the blacklist, all the others cannot be set
Because most contracts are cyclic operation protocol lists, it is impossible to skip individually
So it should be if in the blacklist, then the corresponding protocol _allocation can only be reduced and not increased such as:
require(!controller.getProtocolBlacklist(vaultNumber, _protocolNum) || _allocation<=0, "Protocol on blacklist only reduced");
player can be reduced to 0
Impact
one protocol in the blacklist revert will cause the other also can not to be set
bin2chen
medium
setDeltaAllocationsInt() in the blacklist revert will cause the other also can not set
Summary
one protocol in the blacklist revert will cause the other also can not to be set
Vulnerability Detail
in setDeltaAllocationsInt() if _protocolNum in blacklist will revert The code is as follows:
If one of them is on the blacklist, all the others cannot be set Because most contracts are cyclic operation protocol lists, it is impossible to skip individually So it should be if in the blacklist, then the corresponding protocol _allocation can only be reduced and not increased such as:
require(!controller.getProtocolBlacklist(vaultNumber, _protocolNum) || _allocation<=0, "Protocol on blacklist only reduced");
player can be reduced to 0Impact
one protocol in the blacklist revert will cause the other also can not to be set
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Vault.sol#L397
Tool used
Manual Review
Recommendation
Duplicate of #192