sherlock-admin3
commented
6 months ago 2 comment(s) were left on this issue during the judging contest.
santipu_ commented:
Medium
takarez commented:
given the previous contest, this should be valid; medium(1)
Bauchibred
medium
Large amounts of points can still be minted virtually without any cost
Summary
Large amounts of points can be minted virtually without any cost. The points are intended to be used to exchange something of value. A malicious user could abuse this to obtain a large number of points, which could obtain excessive value and create unfairness among other protocol users.
Vulnerability Detail
Take a look at the previous report here to get the context.
Issue was tagged a
will Fixhowever going through the attack route as explained in the report on the current codebase, we can see that the only applied change is the query to vault.checkSkewMax(), where we now have the withdrawal fee passed to correctly assert that the system will not be too skewed towards longs after additional skew is added, however in a case wheretotalSupply() = 0i.e during the final withdrawal the executeWithdraw() function does not charge any fee whatsoever, leaving the protocol still vulnerable to the referenced report.Impact
Large amounts of points can be minted virtually without any cost. The points are intended to be used to exchange something of value. A malicious user could abuse this to obtain a large number of points, which could obtain excessive value from the protocol and create unfairness among other protocol users.
Code Snippet
https://github.com/sherlock-audit/2024-03-flat-money-fix-review-contest/blob/539341fdc92090c48792c454e35e5d739ee62820/flatcoin-v1/src/StableModule.sol#L93-L138
Tool used
Manual Review
Recommendation
Impose withdraw fee even for the final/last withdrawal so that no one could abuse this exception to perform any attack that was once not profitable due to the need to pay withdraw fee.
Duplicate of #10