Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ClearingHouse fail if broken amm whitelisted #67

Closed
code423n4 opened this issue Feb 23, 2022 · 4 comments
Closed

ClearingHouse fail if broken amm whitelisted #67

code423n4 opened this issue Feb 23, 2022 · 4 comments
Labels
bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) duplicate This issue or pull request already exists QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/ClearingHouse.sol#L339

Vulnerability details

Impact

Governance can whitelist amm in ClearingHouse using the whitelistAmm function. Since a lot of function in the ClearingHouse contract will iterate each of the amm in amms and call various amm.function(), if a broken amm is whitelisted or became broken, many of those functions will revert. There are no mechanism to remove amm from the amms array so the protocol will fail.

Proof of Concept

https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/ClearingHouse.sol#L339

    function whitelistAmm(address _amm) external onlyGovernance {
        emit MarketAdded(amms.length, _amm);
        amms.push(IAMM(_amm));
    }

Recommended Mitigation Steps

  1. Add a way to remove amm from the amms array
  2. Check basic functionality of amm before adding
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Feb 23, 2022
code423n4 added a commit that referenced this issue Feb 23, 2022
@code423n4
gzeon issue #67
4b6b2bc
@atvanguard
Copy link
Collaborator

atvanguard commented Feb 24, 2022
edited
Loading

Acknowledging but yes system heavily relies on the admins to do the right thing, the right way. Would classify this as 0 (Informational).

@atvanguard atvanguard added disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons labels Feb 24, 2022
@JasoonS JasoonS added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value and removed 3 (High Risk) Assets can be stolen/lost/compromised directly labels Mar 6, 2022
@JasoonS
Copy link
Collaborator

JasoonS commented Mar 6, 2022

Listed mitigation steps are valid. I'd also recommend implementing them (2 can be tricky, something like https://eips.ethereum.org/EIPS/eip-165 isn't exactly a joy...).

Basically mistakes can happen and so best have safeguards (especially if they are easy to implement).

@JasoonS JasoonS added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Mar 6, 2022
@JasoonS
Copy link
Collaborator

JasoonS commented Mar 6, 2022

Changing to Low risk in light of #66 - which is the bigger risk (although same/similar mitigation steps)

@JeeberC4 JeeberC4 added the duplicate This issue or pull request already exists label Mar 24, 2022
@JeeberC4
Copy link

Grouping with warden's QA report #89

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) duplicate This issue or pull request already exists QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@atvanguard @JasoonS @code423n4 @JeeberC4