Unchecked Percentage Allocation in Rebalance Function Allows Excessive Asset Distribution
Summary
The rebalance function in the smart contract does not properly validate the length of the percentages array against the number of supported money markets, potentially leading to incorrect fund distribution or function reverts.
Vulnerability Detail
The function attempts to rebalance tokens across multiple money markets based on provided percentages. However, it doesn't verify that the length of the percentages array matches the number of supported money markets minus one (as the last market receives the remainder). This can lead to two issues:
If percentages is shorter than expected, some markets will not receive funds.
If percentages is longer than expected, the function will attempt to access non-existent money markets, causing a revert.
The function only checks for parity after filtering for supported markets:
if (percentagesLength + 1 != supportedMoneyMarketsSize) revert NotParity();
This check comes too late in the function execution and doesn't prevent the initial mismatch.
Nyxaris
Medium
Impact
Code Snippet
https://github.com/sherlock-audit/2024-06-union-finance-update-2/blob/main/union-v2-contracts/contracts/asset/AaveV3Adapter.sol#L1
Tool used
Manual Review
Recommendation
1.) Add an early check to validate the length of the percentages array:
2.) Consider adding a check to ensure the sum of percentages does not exceed 10000:
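The following Solidity contract is an added illustration of both recommendations; it is not the code of the audited AaveV3Adapter. The interface and member names (IMoneyMarket, IERC20, moneyMarkets, admin, BPS, supportsToken, withdrawAll, deposit) are assumptions made for the example. The point it demonstrates is ordering: the length check against the supported-market count and the sum check both run before any funds are withdrawn, so a malformed array reverts with no state changed rather than partway through a redistribution.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this finding; not the code of the audited
// AaveV3Adapter. Every name below (IMoneyMarket, IERC20, moneyMarkets,
// admin, BPS, withdrawAll, deposit) is an assumption made for the example.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IMoneyMarket {
    function supportsToken(address token) external view returns (bool);
    function withdrawAll(address token) external;
    function deposit(address token, uint256 amount) external;
}

contract RebalanceExample {
    error NotParity();
    error NotAdmin();
    error PercentagesExceedBps(uint256 total);

    uint256 internal constant BPS = 10_000; // percentages are basis points

    address public immutable admin;
    IMoneyMarket[] public moneyMarkets;

    constructor(IMoneyMarket[] memory markets) {
        admin = msg.sender;
        moneyMarkets = markets;
    }

    // Validates `percentages` before any withdrawal, so a mismatched array
    // reverts with nothing moved instead of after funds have been pulled out.
    function rebalance(address token, uint256[] calldata percentages) external {
        if (msg.sender != admin) revert NotAdmin();

        // Recommendation 1: check the array length against the number of
        // supported markets up front. The last supported market receives the
        // remainder, so the array must be exactly (supported - 1) entries long.
        // If no market supports the token, supported.length is 0 and the check
        // reverts as well (no underflow, since we add 1 rather than subtract).
        IMoneyMarket[] memory supported = _supportedMarkets(token);
        if (percentages.length + 1 != supported.length) revert NotParity();

        // Recommendation 2: the explicit allocations must not sum to more than
        // 100% (10000 bps); otherwise the remainder computation below is meaningless.
        uint256 total;
        for (uint256 i = 0; i < percentages.length; i++) {
            total += percentages[i];
        }
        if (total > BPS) revert PercentagesExceedBps(total);

        // Only now move funds: pull everything back, then redistribute.
        for (uint256 i = 0; i < supported.length; i++) {
            supported[i].withdrawAll(token);
        }
        uint256 balance = IERC20(token).balanceOf(address(this));
        for (uint256 i = 0; i < percentages.length; i++) {
            uint256 amount = (balance * percentages[i]) / BPS;
            if (amount > 0) {
                IERC20(token).transfer(address(supported[i]), amount);
                supported[i].deposit(token, amount);
            }
        }
        // Remainder (including rounding dust) goes to the last supported market.
        uint256 remainder = IERC20(token).balanceOf(address(this));
        if (remainder > 0) {
            IMoneyMarket last = supported[supported.length - 1];
            IERC20(token).transfer(address(last), remainder);
            last.deposit(token, remainder);
        }
    }

    // Filters the configured markets down to those that support `token`.
    function _supportedMarkets(address token) internal view returns (IMoneyMarket[] memory) {
        uint256 count;
        for (uint256 i = 0; i < moneyMarkets.length; i++) {
            if (moneyMarkets[i].supportsToken(token)) count++;
        }
        IMoneyMarket[] memory out = new IMoneyMarket[](count);
        uint256 j;
        for (uint256 i = 0; i < moneyMarkets.length; i++) {
            if (moneyMarkets[i].supportsToken(token)) out[j++] = moneyMarkets[i];
        }
        return out;
    }
}
```

A test for this pattern would call `rebalance` with an array one element too short, one element too long, and one whose entries sum above 10000, and assert that each call reverts with `NotParity` or `PercentagesExceedBps` while every market's balance is unchanged; that last assertion is what distinguishes an early check from the late one described in the finding.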