Borrowing of the whole asset supply can yield a low-level division revert #96
Labels
1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug: Something isn't working
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
hyh
Vulnerability details
Impact
The system will fail with a low-level message without giving a business reason, which can be an issue for troubleshooting and for further programmatic usage by other projects.
Proof of Concept
If a borrower tries to get almost all available assets, the low-level division can fail in the check function:
https://github.com/code-423n4/2022-01-timeswap/blob/main/Timeswap/Timeswap-V1-Core/contracts/libraries/BorrowMath.sol#L35
Recommended Mitigation Steps
Add a maximum share of current assets that can be borrowed and revert with the corresponding error message before running the computations.
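A sketch of that mitigation as an added example (not Timeswap's code and not part of the original report): a simplified borrow check in Solidity 0.8, shown unguarded and then guarded. The library name, the function and error names, the 99% cap and the minimum-interest formula are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration only: a hypothetical, simplified borrow check.
// It is not Timeswap's BorrowMath; every name and constant here is assumed.
library GuardedBorrowCheck {
    uint256 internal constant BPS = 10_000;
    // Assumed policy: one borrow may take at most 99% of the asset reserve.
    uint256 internal constant MAX_BORROW_BPS = 9_900;

    error BorrowExceedsMaxShare(uint256 requested, uint256 maxAllowed);
    error InterestBelowMinimum(uint256 given, uint256 minimum);

    // Unguarded shape of the problem: the divisor is the reserve left after
    // the borrow. Borrowing the whole reserve makes it zero, so the call
    // reverts with Panic(0x12); borrowing more underflows with Panic(0x11).
    // Neither tells the caller which business rule was broken.
    function checkUnguarded(uint128 reserve, uint128 borrowed, uint128 rate, uint128 interest)
        internal
        pure
    {
        uint256 remaining = reserve - borrowed;
        uint256 minimum = (uint256(borrowed) * rate) / remaining;
        if (interest < minimum) revert InterestBelowMinimum(interest, minimum);
    }

    // Guarded form: enforce the cap first and revert with a named error,
    // so the arithmetic below can no longer divide by zero or underflow.
    function checkGuarded(uint128 reserve, uint128 borrowed, uint128 rate, uint128 interest)
        internal
        pure
    {
        uint256 maxAllowed = (uint256(reserve) * MAX_BORROW_BPS) / BPS;
        if (reserve == 0 || borrowed > maxAllowed) revert BorrowExceedsMaxShare(borrowed, maxAllowed);

        uint256 remaining = reserve - borrowed; // > 0: borrowed <= maxAllowed < reserve
        uint256 minimum = (uint256(borrowed) * rate) / remaining;
        if (interest < minimum) revert InterestBelowMinimum(interest, minimum);
    }
}
```

Integrators can then match on the `BorrowExceedsMaxShare` selector rather than decoding a generic panic code.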