Closed sherlock-admin closed 1 year ago
ak1
medium
Game.sol#L465 : pushAllocationsToVaults is open to reentrancy because state is updated after the operation.
Summary
pushAllocationsToVaults acts as the trigger to push delta allocations in protocols to cross-chain vaults: it pushes deltaAllocations to the vaults.
The cross-chain call is gated by the check below:
require(isXChainRebalancing[_vaultNumber][_chain], "Vault is not rebalancing");
The issue is that the isXChainRebalancing[_vaultNumber][_chain] state is updated after the cross-chain call.
Vulnerability Detail
Refer to the summary section.
Impact
Repeated allocation for a vault, which might end in an accounting issue.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Game.sol#L465-L477
Tool used
Manual Review
Recommendation
Set isXChainRebalancing[_vaultNumber][_chain] = false before calling protocolAllocationsToArray and pushProtocolAllocationsToVault.
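The ordering described in the report next to the recommended ordering, as an added sketch that is not the project's Game.sol. The `GameSketch` contract, the `IXProviderSketch` interface, the `vaults` and `deltaAllocations` mappings, the `_chain` parameter, the function bodies and the `FlagLast`/`FlagFirst` suffixes are assumptions made for illustration; only the `require` line and the names `isXChainRebalancing`, `protocolAllocationsToArray` and `pushProtocolAllocationsToVault` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for the cross-chain provider; not the project's interface.
interface IXProviderSketch {
    function pushProtocolAllocationsToVault(
        uint32 chain,
        address vault,
        int256[] memory deltas
    ) external payable;
}

contract GameSketch {
    IXProviderSketch public xProvider;
    mapping(uint256 => mapping(uint32 => bool)) public isXChainRebalancing;
    mapping(uint256 => mapping(uint32 => address)) public vaults; // assumed vault lookup
    mapping(uint256 => mapping(uint32 => int256[])) internal deltaAllocations; // assumed storage

    constructor(address _xProvider) {
        xProvider = IXProviderSketch(_xProvider);
    }

    // Ordering described in the report: the flag is cleared only after the external call,
    // so the require below still passes for any call that arrives before the last line runs.
    function pushAllocationsToVaultsFlagLast(uint256 _vaultNumber, uint32 _chain) external payable {
        require(isXChainRebalancing[_vaultNumber][_chain], "Vault is not rebalancing");
        int256[] memory deltas = protocolAllocationsToArray(_vaultNumber, _chain);
        xProvider.pushProtocolAllocationsToVault{value: msg.value}(_chain, vaults[_vaultNumber][_chain], deltas);
        isXChainRebalancing[_vaultNumber][_chain] = false; // effect after interaction
    }

    // Recommended ordering (checks, effects, interactions): clear the flag first.
    function pushAllocationsToVaultsFlagFirst(uint256 _vaultNumber, uint32 _chain) external payable {
        require(isXChainRebalancing[_vaultNumber][_chain], "Vault is not rebalancing");
        isXChainRebalancing[_vaultNumber][_chain] = false; // effect before interaction
        int256[] memory deltas = protocolAllocationsToArray(_vaultNumber, _chain);
        xProvider.pushProtocolAllocationsToVault{value: msg.value}(_chain, vaults[_vaultNumber][_chain], deltas);
        // If the push reverts, the whole transaction reverts and the flag is restored.
    }

    // Copies the stored deltas for one vault and chain into memory.
    function protocolAllocationsToArray(uint256 _vaultNumber, uint32 _chain) internal view returns (int256[] memory) {
        return deltaAllocations[_vaultNumber][_chain];
    }
}
```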