Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

maxAmount and balance #357

Open
code423n4 opened this issue Dec 1, 2021 · 1 comment
Open

maxAmount and balance #357

code423n4 opened this issue Dec 1, 2021 · 1 comment
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Handle

pauliax

Vulnerability details

Impact

I think this if check is incorrect, because in theory maxAmount parameter can be greater than totalMaltBalance:

    if (rewards <= deployedCapital && maxAmount != totalMaltBalance) {
      // If all malt is spent we want to reset deployed capital
      deployedCapital = deployedCapital - rewards;
    } else {
      deployedCapital = 0;
    }

Recommended Mitigation Steps

If my assumption is correct, the check should use balance, not maxAmount:
``solidity
balance != totalMaltBalance

Another possible solution:
``solidity
  maxAmount <= totalMaltBalance

However, I think the best approach would be to eliminate 'balance' altogether:

  uint256 totalMaltBalance = malt.balanceOf(address(this));

  if (totalMaltBalance == 0) {
    return 0;
  }

  (uint256 basis,) = costBasis();

  if (maxAmount > totalMaltBalance) {
    maxAmount = totalMaltBalance;
  }

  malt.safeTransfer(address(dexHandler), maxAmount);
  uint256 rewards = dexHandler.sellMalt();

  if (rewards <= deployedCapital && maxAmount < totalMaltBalance) {
    // If all malt is spent we want to reset deployed capital
    deployedCapital = deployedCapital - rewards;
  } else {
    deployedCapital = 0;
  }
@code423n4 code423n4 added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working labels Dec 1, 2021
code423n4 added a commit that referenced this issue Dec 1, 2021
@code423n4
pauliax issue #357
ebb5b49
@0xScotch 0xScotch added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Dec 8, 2021
@0xScotch 0xScotch mentioned this issue Dec 8, 2021
Closed
@GalloDaSballo
Copy link
Collaborator

The warden identified a flaw in the logic, the sponsor confirms

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@GalloDaSballo @0xScotch @code423n4