search

sherlock-audit / 2023-05-ironbank-judging

2 stars 2 forks source link

Nyx - Users wont exit market correctly when input amount is not uint256.max #463

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Nyx

medium

Users wont exit market correctly when input amount is not uint256.max

Summary

Vulnerability Detail

if (amount == type(uint256).max) { 
            ibTokenAmount = userSupply;
            amount = (ibTokenAmount * _getExchangeRate(m)) / 1e18;
            isRedeemFull = true;
        } else {
            ibTokenAmount = (amount * 1e18) / _getExchangeRate(m);
        }

If the user doesn't use type(uint256).max for the input amount but fully redeems his assets, the user won't exit the market because isRedeemFull won't be true.

if (isRedeemFull && _getBorrowBalance(m, from) == 0) {
            _exitMarket(market, from);
        }
address[] memory userEnteredMarkets = allEnteredMarkets[user]; 
        for (uint256 i = 0; i < userEnteredMarkets.length; i++) {

When users don't exit the market correctly and continue entering new markets, allEnteredMarkets will grow too much and out of gas _isLiquidatable() and _getAccountLiquidity() functions.

Impact

Users may not correctly exit market and can DOS liquidate function.

Code Snippet

https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/pool/IronBank.sol#L421-L427

https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/pool/IronBank.sol#L441-L443

https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/pool/IronBank.sol#L1069-L1070

Tool used

Manual Review

Recommendation

if (amount == type(uint256).max || amount >= userSupply ) { 
            ibTokenAmount = userSupply;
            amount = (ibTokenAmount * _getExchangeRate(m)) / 1e18;
            isRedeemFull = true;
        }