search

sherlock-audit / 2023-05-ironbank-judging

2 stars 2 forks source link

josephdara - Wrong Storage Slot Calculation #389

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

josephdara

medium

Wrong Storage Slot Calculation

Summary

There is a wrong storage slot calculation which could impact some major parts of the project if optimizations are made based on this. in DataTypes.sol , there is the MarketConfig Struct which has this bug

Vulnerability Detail

   struct MarketConfig {
        // 1 + 1 + 2 + 2 + 2 + 2 + 1 = 11
        bool isListed;
        uint8 pauseFlags;
        uint16 collateralFactor;
        uint16 liquidationThreshold;
        uint16 liquidationBonus;
        uint16 reserveFactor;
        bool isPToken;
        //@audit-issue wrong storage slot calculation
        // 20 + 20 + 20 + 32 + 32 + 32
        address ibTokenAddress;
        address debtTokenAddress;
        address pTokenAddress;
        address interestRateModelAddress;
        uint256 supplyCap;
        uint256 borrowCap;
        uint256 initialExchangeRate;
    }

Here we can see the issue where the second calculation is made, we have 4 addresses which consume 20 bytes each and 3 uint256 values which contain 32 bytes each. But in the calculation, only 3 addresses were added.

Impact

This could lead to overwriting of values in the same storage slot if assembly is used.

Code Snippet

https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/libraries/DataTypes.sol#L11-L28

Tool used

Manual Review

Recommendation

Storage slots calculations should be verified