XO-withdrawCollateral function allows attacker to withdraw more collateral than they have deposited.
Summary
The withdrawCollateral function in the code you provided does not check to make sure that the amount is greater than or equal to the amount of collateral that the user has deposited. This means that an attacker could call this function with a negative amount, and the function would succeed, even though the user does not have enough collateral to withdraw.
Vulnerability Detail
interface IInsurancePool {
function depositCollateral(address token, uint256 amount) external;
function withdrawCollateral(address token, uint256 amount) external;
function receivePortfolio(address token, uint256 amount) external;
function sendPortfolio(address token, address receiver, uint256 amount) external;
function GUARDIAN_ROLE() external view returns (bytes32);
function WITHDRAWER_ROLE() external view returns (bytes32);
function getCollateral(address token) external view returns (uint256);
function getPortfolio(address token) external view returns (uint256);
}
There is a vulnerability in IInsurancePool interface, the problem is in the withdrawCollateral() function,it's does not check to make sure that the amount is greater than or equal to the amount of collateral that the user has deposited. This means that an attacker could call this function with a negative amount, and the function would succeed, even though the user does not have enough collateral to withdraw.
Impact
This vulnerability allows an attacker to withdraw more collateral than they have deposited.
-Adding a check to the withdrawCollateral function to make sure that the amount is greater than or equal to the amount of collateral that the user has deposited.
XDZIBEC
high
XO-withdrawCollateral function allows attacker to withdraw more collateral than they have deposited.
Summary
The
withdrawCollateral
function in the code you provided does not check to make sure that the amount is greater than or equal to the amount of collateral that the user has deposited. This means that an attacker could call this function with a negativeamount
, and the function would succeed, even though the user does not have enoughcollateral
towithdraw
.Vulnerability Detail
IInsurancePool
interface, the problem is in thewithdrawCollateral()
function,it's does not check to make sure that theamount
is greater than or equal to theamount
ofcollateral
that the user hasdeposited
. This means that an attacker could call this function with a negativeamount
, and the function wouldsucceed
, even though the user does not have enoughcollateral
towithdraw
.Impact
Code Snippet
Tool used
Manual Review
Recommendation
-Adding a check to the
withdrawCollateral
function to make sure that theamount
is greater than or equal to theamount
ofcollateral
that the user hasdeposited
.