Quote assets can be drained because raiseAssetTargets function is repeatedly called multiple times
Summary
The raiseAssetTargets function does not validate whether the rebalance duration has elapsed or not before allowing the asset targets to be raised. This result in it been called even after the rebalance duration has ended
Vulnerability Detail
The attacker, who is an allowed bidder, calls the raiseAssetTargets function.
The function checks if the rebalance duration is elapsed and if the targets can be raised. If the conditions are met, it increases the target units by updating the positionMultiplier in the rebalanceInfo storage mapping.
The attacker can continue calling the raiseAssetTargets function multiple times, increasing the target units each time.
As the target units increase, it becomes more profitable for the attacker to execute bids that exchange the rebalance components for the quote asset.
The attacker can execute bids to exchange the rebalance components for the quote asset at an advantageous price, taking advantage of the increased target units.
Impact
By executing bids repeatedly, the attacker can drain the quote asset from the contract, as the rebalance components are exchanged for the quote asset at the updated target units.
Introduce a state variable that keeps track of whether the asset targets have already been raised or not. If the targets have already been raised, the function will revert to prevent multiple calls. If the targets have not been raised, the function updates the state variable to true, indicating that the asset targets have been raised.
https://github.com/seerether/Index/blob/73abbfca39b9214c6ad6b40fc34bcf00fef49420/Indexmitigate2#L1-L29
seerether
high
Quote assets can be drained because raiseAssetTargets function is repeatedly called multiple times
Summary
The raiseAssetTargets function does not validate whether the rebalance duration has elapsed or not before allowing the asset targets to be raised. This result in it been called even after the rebalance duration has ended
Vulnerability Detail
The attacker, who is an allowed bidder, calls the raiseAssetTargets function. The function checks if the rebalance duration is elapsed and if the targets can be raised. If the conditions are met, it increases the target units by updating the positionMultiplier in the rebalanceInfo storage mapping. The attacker can continue calling the raiseAssetTargets function multiple times, increasing the target units each time. As the target units increase, it becomes more profitable for the attacker to execute bids that exchange the rebalance components for the quote asset. The attacker can execute bids to exchange the rebalance components for the quote asset at an advantageous price, taking advantage of the increased target units.
Impact
By executing bids repeatedly, the attacker can drain the quote asset from the contract, as the rebalance components are exchanged for the quote asset at the updated target units.
Code Snippet
https://github.com/sherlock-audit/2023-06-Index/blob/main/index-protocol/contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol#L359-L380
Tool used
Manual Review
Recommendation
Introduce a state variable that keeps track of whether the asset targets have already been raised or not. If the targets have already been raised, the function will revert to prevent multiple calls. If the targets have not been raised, the function updates the state variable to true, indicating that the asset targets have been raised. https://github.com/seerether/Index/blob/73abbfca39b9214c6ad6b40fc34bcf00fef49420/Indexmitigate2#L1-L29