sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging


Niser - A wrong setting of the BeefyFeeConfig can block StrategyPassiveManagerVelodrome.harvest() functionality #64

Closed sherlock-admin4 closed 3 months ago

sherlock-admin4 commented 3 months ago

Niser

medium

A wrong setting of the BeefyFeeConfig can block StrategyPassiveManagerVelodrome.harvest() functionality

Summary

If the strategist sets the beefyFeeConfig wrongly, so that StratFeeManagerInitializable.getFees returns a value greater than the StratFeeManagerInitializable.DIVISOR constant, the StrategyPassiveManagerVelodrome._harvest() method will revert forever.

Vulnerability Detail

The _chargeFees method uses the StratFeeManagerInitializable.DIVISOR constant and the StratFeeManagerInitializable.getFees() method to calculate the amount to swap (Lines StrategyPassiveManagerVelodrome.sol#L486-L487):

485         // Calculate amount of token 0 to swap for fees.
486         uint256 amountToSwap = _amount * fee.total / DIVISOR;
487         _amountLeft = _amount - amountToSwap;

If fee.total > DIVISOR, then amountToSwap > _amount, and line 487 will revert.

fee.total is computed in line StrategyPassiveManagerVelodrome.sol#L480:

480         IFeeConfig.FeeCategory memory fee = getFees();

The getFees method is implemented in StratFeeManagerInitializable.sol#L115-L117:

115       function getFees() internal view returns (IFeeConfig.FeeCategory memory) {
116             return beefyFeeConfig().getFees(address(this));
117       }

It takes the configuration set using the StrategyFactory.setBeefyFeeConfig() method:

170   function setBeefyFeeConfig(address _beefyFeeConfig) external onlyOwner {
171        beefyFeeConfig = _beefyFeeConfig;
172        emit SetBeefyFeeConfig(_beefyFeeConfig);
173   }

Impact

The StrategyPassiveManagerVelodrome._harvest() method can be uncallable for a period.

Code Snippet

170   function setBeefyFeeConfig(address _beefyFeeConfig) external onlyOwner {
171        beefyFeeConfig = _beefyFeeConfig;
172        emit SetBeefyFeeConfig(_beefyFeeConfig);
173   }

Tool used

Manual Review

Recommendation

Have a check in the [StrategyFactory.setBeefyFeeConfig() method](https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/StrategyFactory.sol#L170-L173) to keep fee.total less than StratFeeManagerInitializable.DIVISOR.
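An added example, not part of the original report or of Beefy's code: the arithmetic from lines 486-487 in a stand-alone contract, next to a bounds check of the kind the recommendation asks for. The DIVISOR value, the one-field FeeCategory struct, and the names IFeeConfigLike, FeeMathDemo, splitAsReported, splitGuarded and requireSaneFees are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration. Only getFees, fee.total, DIVISOR, _amount,
// amountToSwap and _amountLeft come from the report; the rest is hypothetical.
interface IFeeConfigLike {
    // Simplified struct: only the field the report relies on.
    struct FeeCategory { uint256 total; }
    function getFees(address strategy) external view returns (FeeCategory memory);
}

contract FeeMathDemo {
    uint256 public constant DIVISOR = 1 ether; // assumed value for this example

    error FeeTotalNotBelowDivisor(uint256 total, uint256 divisor);

    // Same arithmetic as lines 486-487. Under 0.8.x checked math the
    // subtraction underflows and reverts with Panic(0x11) whenever the rounded
    // amountToSwap exceeds _amount, which needs total > DIVISOR.
    // Rounding caveat: _amount = 0, or _amount = 1 with total = 1.5 * DIVISOR,
    // does not revert, so a tiny test amount can hide the misconfiguration.
    function splitAsReported(uint256 _amount, uint256 total)
        external pure returns (uint256 amountToSwap, uint256 _amountLeft)
    {
        amountToSwap = _amount * total / DIVISOR;
        _amountLeft = _amount - amountToSwap;
    }

    // Guarded variant: a bad total fails with a named error instead of an
    // opaque arithmetic panic, which makes the cause visible in traces.
    function splitGuarded(uint256 _amount, uint256 total)
        external pure returns (uint256 amountToSwap, uint256 _amountLeft)
    {
        if (total >= DIVISOR) revert FeeTotalNotBelowDivisor(total, DIVISOR);
        amountToSwap = _amount * total / DIVISOR;
        _amountLeft = _amount - amountToSwap; // cannot underflow: total < DIVISOR
    }

    // Setter-side check in the spirit of the recommendation: read the fees
    // a candidate config reports for one strategy and reject the config if
    // total is not below DIVISOR (the report's "less than" wording).
    function requireSaneFees(IFeeConfigLike config, address strategy) public view {
        uint256 total = config.getFees(strategy).total;
        if (total >= DIVISOR) revert FeeTotalNotBelowDivisor(total, DIVISOR);
    }
}
```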

sherlock-admin3 commented 3 months ago

2 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; admins are TRUSTED

DHTNS commented:

Low -> depends on admin error