search

sherlock-audit / 2023-01-derby-judging

4 stars 1 forks source link

bin2chen - setTotalUnderlyingInt() underlyingReceived Counting may be incorrect #382

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

bin2chen

medium

setTotalUnderlyingInt() underlyingReceived Counting may be incorrect

Summary

setTotalUnderlyingInt() underlyingReceived Counting may be incorrect

Vulnerability Detail

setTotalUnderlyingInt() will be ++ for underlyingReceived code as follows:

  function setTotalUnderlyingInt(
    uint256 _vaultNumber,
    uint32 _chainId,
    uint256 _underlying,
    uint256 _totalSupply,
    uint256 _withdrawalRequests
  ) internal {
    vaults[_vaultNumber].totalUnderlyingPerChain[_chainId] = _underlying;
    vaults[_vaultNumber].withdrawalRequests[_chainId] = _withdrawalRequests;
    vaults[_vaultNumber].totalSupply += _totalSupply;
    vaults[_vaultNumber].totalUnderlying += _underlying;
    vaults[_vaultNumber].totalWithdrawalRequests += _withdrawalRequests;
    vaultStage[_vaultNumber].underlyingReceived++; //<------underlyingReceived will ++
  }
underlyingReceived: underlyings received from all active vault contracts

But the current operation does not determine whether the current vault is an activeVault Non-active vault will also +++ Must be added to be activeVault before ++, to avoid calculation errors

Impact

underlyingReceived Counting may be incorrect

Code Snippet

https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/XChainController.sol#L288

Tool used

Manual Review

Recommendation

  function setTotalUnderlyingInt(
    uint256 _vaultNumber,
    uint32 _chainId,
    uint256 _underlying,
    uint256 _totalSupply,
    uint256 _withdrawalRequests
  ) internal {
    vaults[_vaultNumber].totalUnderlyingPerChain[_chainId] = _underlying;
    vaults[_vaultNumber].withdrawalRequests[_chainId] = _withdrawalRequests;
    vaults[_vaultNumber].totalSupply += _totalSupply;
    vaults[_vaultNumber].totalUnderlying += _underlying;
    vaults[_vaultNumber].totalWithdrawalRequests += _withdrawalRequests;
+   if (!vaults[_vaultNumber].chainIdOff[_chainId]){    
      vaultStage[_vaultNumber].underlyingReceived++; 
+   }
  }