Erroneous liquidity data could be added to BalLiquidityProvider #90
Labels
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate
This issue or pull request already exists
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Comments
code423n4
added
2 (Med Risk)
0xMaharishi
added
disagree with severity
|
This might cause the tx to fail but it wouldn't cause any assets to get locked or for any funds to go missing so would be a 1 severity at most |
This was referenced May 29, 2022
0xMaharishi
added
the
resolved
|
Agree with sponsor. This is a QA issue. |
dmvt
added
QA (Quality Assurance)
|
Grouping this with the warden’s QA report, #83 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.dev/code-423n4/2022-05-aura/blob/a8758161373bc9c9ad2aec363b511afa3ed0613f/contracts/BalLiquidityProvider.sol#L52
Vulnerability details
Impact
In the comment of the method provideLiquidity it said, but erroneous data could be added.
Proof of Concept
The unique check of the assets is:
Therefore, the token in the first position is not checked to be the same as the token in the last position, if the tokens are repeated, all constraints will be bypassed.
Looking in the
MockBalancerVaultlogic, it will be added as liquidity, only taking care about the balance of one token.Source code:
Recommended Mitigation Steps
Check that
_request.assets[0] != _request.assets[1]The text was updated successfully, but these errors were encountered: