search

sherlock-audit / 2023-06-Index-judging

6 stars 2 forks source link

ww4tson - Wrong sign leads to logic bug #83

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

ww4tson

high

Wrong sign leads to logic bug

Summary

Vulnerability Detail

index-protocol/contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol

    function _validateQuoteAssetQuantity(bool isSellAuction, uint256 quoteAssetQuantity, uint256 _quoteQuantityLimit, uint256 preBidTokenSentBalance) private pure {
        if (isSellAuction) {
            require(quoteAssetQuantity <= _quoteQuantityLimit, "Quote asset quantity exceeds limit");
        } else {
            require(quoteAssetQuantity >= _quoteQuantityLimit, "Quote asset quantity below limit");
>>            require(quoteAssetQuantity <= preBidTokenSentBalance, "Insufficient quote asset balance");
        }
    }

According to auction logic, the marked line should have >, not <=.

Impact

As this is against the protocol design, it can lead to several problems including DoS, stuck/loss of initial user funds, preventing further bids.

Code Snippet

https://github.com/IndexCoop/index-protocol/blob/663e64efaa95df2247afa8926d4cfb42948f54fe/contracts/protocol/modules/v1/AuctionRebalanceModuleV1.sol#L872

Tool used

Manual Review

Recommendation

Should be

            require(quoteAssetQuantity > preBidTokenSentBalance, "Insufficient quote asset balance");