Open sherlock-admin4 opened 1 week ago
the code describes the amount as follows:
/// @param amount The exact amount of collateral to transfer to the emergency reserve, specified in 18 decimal places.
The fact that this is not verified and processed in the code means that the system is a security risk and could be exploited by a malicious user to lose funds.
danyilbalko
Medium
The depositToReserveVault function must ensure arithmetic precision for the amount value.
Summary
In the AccountFacetImpl.sol file,
the deposit function added a value to balances by ensuring arithmetic precision for the amount value,
but the depositToReserveVault function did not do so.
This can cause a loss of funds due to arithmetic errors in the system.
Root Cause
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/facets/Account/AccountFacetImpl.sol#L119
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
The system uses precision up to 18 decimal places for the balance value, so the arithmetic precision of the balances and reserveVault values in the depositToReserveVault and withdrawalFromReserveVault functions must be the same. Otherwise, funds will be lost due to arithmetic errors.
Mitigation