search

sherlock-audit / 2023-05-USSD-judging

9 stars 7 forks source link

m4ttm - Incorrect assumption on call reverting when DAI is not purchased #954

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

m4ttm

medium

Incorrect assumption on call reverting when DAI is not purchased

Summary

Incorrect assumption on call reverting when DAI is not purchased leads to execution continuing when DAI has not been purchased

Vulnerability Detail

In L170 and L174 the previous DAI balance is stored in daibought and then subtracted from the current DAI balance. This subtraction will not revert if no DAI has been bought as assumed by the comments, it will result in a value of 0

Impact

An attempt to rebalance and sell USSD which does not result in DAI being purchased will be valid and not revert as desired

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSDRebalancer.sol#L167

if (uniPool.token0() == USSD) {
    daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD);
    IUSSD(USSD).UniV3SwapInput(bytes.concat(abi.encodePacked(uniPool.token0(), hex"0001f4", uniPool.token1())), amount);
    daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD) - daibought; // would revert if not bought
} else {
    daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD);
    IUSSD(USSD).UniV3SwapInput(bytes.concat(abi.encodePacked(uniPool.token1(), hex"0001f4", uniPool.token0())), amount);
    daibought = IERC20Upgradeable(baseAsset).balanceOf(USSD) - daibought; // would revert if not bought
}

Tool used

Manual Review

Recommendation

Check that the DAI balance has increased, ideally by at least a desired amount