search

sherlock-audit / 2023-12-dodo-gsp-judging

6 stars 5 forks source link

mike-watson - Overestimation of Redeemable Tokens in `GSPFunding.sol` #89

Closed sherlock-admin2 closed 6 months ago

sherlock-admin2 commented 6 months ago

mike-watson

medium

Overestimation of Redeemable Tokens in GSPFunding.sol

Summary

The sellShares function in the GSPFunding.sol contract may allow redeemers to receive more base and quote tokens than they are entitled to. This issue arises due to the method of calculating the available token balances, which includes tokens that may have been sent to the contract address directly or accidentally.

Vulnerability Detail

In the sellShares function, the available balances of base and quote tokens are calculated using the contract's total token balance (_BASE_TOKEN_.balanceOf(address(this)) and _QUOTE_TOKEN_.balanceOf(address(this))). However, this approach does not account for tokens that might have been sent to the contract's address outside of the intended deposit mechanisms. As a result, these externally sent tokens are incorrectly included in the redeemable balance, potentially allowing redeemers to withdraw more than their share.

Impact

If additional tokens are sent to the contract address, either intentionally or accidentally, they would be included in the redeemable pool. This could lead to an unfair distribution of these extra tokens among the redeemers, potentially depleting the contract's reserves and affecting its financial integrity.

Code Snippet

Tool used

Manual Review

Recommendation

Instead of relying on the balanceOf function to determine the redeemable token amounts, the contract should internally track the total supply of both base and quote tokens (totalBaseTokens, totalQuoteTokens). Implement internal accounting for all token deposit and withdrawal operations to accurately reflect the actual token amounts that should be available for redemption. This change will ensure that the redeemable token amounts are calculated based on the intended deposits and withdrawals, excluding any external token transfers to the contract address.

nevillehuang commented 6 months ago

Invalid, if other users wants to donate and allow other users to buy more shares or sell shares to gain back more base and quote token, it is their responsibility, not issue in the contracts.