search

sherlock-audit / 2023-12-flatmoney-judging

9 stars 8 forks source link

shaka - `StableModule.executeWithdraw` reverts when the stable collateral per share is lower than 1e6 #221

Closed sherlock-admin closed 5 months ago

sherlock-admin commented 5 months ago

shaka

medium

StableModule.executeWithdraw reverts when the stable collateral per share is lower than 1e6

Summary

StableModule.executeWithdraw reverts when the stable collateral per share is lower than 1e6.

Vulnerability Detail

StableModule.executeWithdraw has a check to prevent significant impact on stable token price during withdrawal.

The problem is that when the stable collateral per share is lower than 1e6, the check will provoke a revert due to an underflow error.

Impact

Stable token holder will not be able to withdraw their funds when the stable collateral per share is lower than 1e6.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L122

Tool used

Manual Review

Recommendation

File: StableModule.sol

        if (totalSupply() > 0) {
            if (
                stableCollateralPerShareAfter < stableCollateralPerShareBefore - 1e6 ||
+               (stableCollateralPerShareBefore >= 1e6 && stableCollateralPerShareAfter < stableCollateralPerShareBefore - 1e6) ||
                stableCollateralPerShareAfter > stableCollateralPerShareBefore + 1e6
            ) revert FlatcoinErrors.PriceImpactDuringWithdraw();
sherlock-admin commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 5 months ago

Invalid, stableCollateralPerShare will have a minimum value of 1e18 as seen here