Closed sherlock-admin2 closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
$1e-6 can be freely minted, can't even compensate gas
infect3d
medium
Wrong rounding direction in mintDollar makes it possible to mint Dollars against 0 collateral
Summary
Vulnerability Detail
The getDollarInCollateral(uint256 collateralIndex, uint256 dollarAmount) function rounds down the value, and is used in both the mintDollar and redeemDollar functions.

While it's a correct implementation in redeemDollar, it is not for mintDollar, as it makes it possible for a user to mint Dollar tokens against 0 of his collateral due to the rounding down of the collateralNeeded result.

This can, though, only happen with collateral with decimals <18, and these kinds of tokens seem expected in the future as there's a parameter dedicated to that.
Impact
Leak of value for the pool, that will add up over time. The last user of the pool will not be able to redeem its whole balance (user could also be a smart-contract always redeeming the exact balance it minted)
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#293
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#355
Tool used
Manual Review
Recommendation
Round up as it is expected for such operations, or ensure that collateralNeeded > 0 when minting.

Duplicate of #7
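
Added example (not part of the original report and not the project's code): a Python model of the integer arithmetic behind the finding, comparing round-down and round-up conversion for a 6-decimal collateral. The function names, the 1e6 price scale, the $1 price and the absence of fees are assumptions made for illustration.

```python
# Added model, not the project's code. Assumptions: Dollar has 18 decimals,
# the collateral price is fixed-point with 1e6 == $1, and fees are ignored.
DOLLAR_DECIMALS = 18
PRICE_PRECISION = 10**6


def _denominator(collateral_decimals: int, price: int) -> int:
    # Scale for the collateral's missing decimals, then apply the price.
    return 10 ** (DOLLAR_DECIMALS - collateral_decimals) * price


def collateral_floor(dollar_amount: int, collateral_decimals: int, price: int) -> int:
    """Round-down conversion: fine for redeem, under-charges on mint."""
    return dollar_amount * PRICE_PRECISION // _denominator(collateral_decimals, price)


def collateral_ceil(dollar_amount: int, collateral_decimals: int, price: int) -> int:
    """Round-up conversion: any non-zero mint costs at least one unit."""
    d = _denominator(collateral_decimals, price)
    return (dollar_amount * PRICE_PRECISION + d - 1) // d


def checked_mint_cost(dollar_amount: int, collateral_decimals: int, price: int) -> int:
    """Keep the floor conversion but reject mints that would cost nothing."""
    needed = collateral_floor(dollar_amount, collateral_decimals, price)
    if needed == 0:
        raise ValueError("collateralNeeded must be > 0")
    return needed


def pool_shortfall(mints, collateral_decimals, price, convert) -> int:
    """Collateral owed when all minted Dollars are redeemed (floor), minus
    the collateral actually collected at mint time using `convert`."""
    collected = sum(convert(m, collateral_decimals, price) for m in mints)
    owed = collateral_floor(sum(mints), collateral_decimals, price)
    return max(owed - collected, 0)


if __name__ == "__main__":
    dust = 10**12 - 1  # constructed input: largest amount that floors to 0
    print(collateral_floor(dust, 6, PRICE_PRECISION))
    print(collateral_ceil(dust, 6, PRICE_PRECISION))
    print(pool_shortfall([dust] * 1000, 6, PRICE_PRECISION, collateral_floor))
    print(pool_shortfall([dust] * 1000, 6, PRICE_PRECISION, collateral_ceil))
```

In this model the non-zero check alone still leaves the sub-unit remainder of larger mints uncollected, while rounding up brings the shortfall to zero.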