XO-`SyncTo` function does not check if the `versionTo` is actually greater than or equal to the `latestVersion` .

Summary

syncTo function is vulnerable . The function lacks a check to ensure that the provided versionTo is greater than or equal to the latestVersion stored in the contract. This allows an attacker to create a malicious versionTo that is lower than the latestVersion and trigger a contract revert by calling the syncTo function.

Vulnerability Detail

*/
function syncTo(
    AccountAccumulator storage self,
    VersionedAccumulator storage global,
    AccountPosition storage position,
    uint256 versionTo
) internal returns (Accumulator memory value) {
    Accumulator memory valueAccumulated = global.valueAtVersion(versionTo)
        .sub(global.valueAtVersion(self.latestVersion));
    value = position.position.mul(valueAccumulated);
    self.latestVersion = versionTo;
}
}

There is a vulenrability in the syncTo function, so the problem is in the line in the function does not check if the versionTo is actually greater than or equal to the latestVersion. This means that an attacker could create a malicious versionTo that is less than the latestVersion. If the attacker were able to do this, they could then call the syncTo function and cause the contract to revert.
Impact
An attacker create a malicious versionTo that is less than the latestVersion. If the attacker were able to do this, they could then call the syncTo function and cause the contract to revert.
Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial/contracts/product/types/accumulator/AccountAccumulator.sol#L34
Tool used

Manual Review

Recommendation

add thisrequire(versionTo >= self.latestVersion); to check if the versionTo is actually greater than or equal to the latestVersion. If it is not, the function will revert.

sherlock-audit / 2023-05-perennial-judging

XDZIBEC - XO-` SyncTo` function does not check if the ` versionTo` is actually greater than or equal to the ` latestVersion` . #165

XO-`SyncTo` function does not check if the `versionTo` is actually greater than or equal to the `latestVersion` .

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-05-perennial-judging

XDZIBEC - XO-` SyncTo` function does not check if the ` versionTo` is actually greater than or equal to the ` latestVersion` . #165

XO-SyncTo function does not check if the versionTo is actually greater than or equal to the latestVersion .

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

XO-`SyncTo` function does not check if the `versionTo` is actually greater than or equal to the `latestVersion` .