Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minting is completely impossible due to wrongful forking of convex #97

Open
code423n4 opened this issue May 18, 2022 · 4 comments
Open

Minting is completely impossible due to wrongful forking of convex #97

code423n4 opened this issue May 18, 2022 · 4 comments
Labels
bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) duplicate This issue or pull request already exists G (Gas Optimization)

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L101

Vulnerability details

Impact

Minting through the mint function of the Aura token is impossible due to a wrongful fork of the Cvx token. This would require a complete redeployment to revive functionality to the Aura token's mint function.

During each mint, the following calculation is made:

uint256 emissionsMinted = totalSupply() - EMISSIONS_MAX_SUPPLY - minterMinted;

However, initially, totalSupply() is either just the _amount parameter from the initializer, which is likely way lower than EMISSIONS_MAX_SUPPLY. This causes the aforementioned line of code on line 101 to underflow with almost a guarantee and will cause all dependencies on the mint function (which we assume are a lot) to not function.

Proof of Concept

https://github.com/code-423n4/2022-05-aura/blob/main/contracts/Aura.sol#L101

To reproduce the issue: It suffices to deploy Aura and initialize it. Any call to mint will than underflow due to the arithmetic on line 101.

Tools Used

Manual analysis.

Recommended Mitigation Steps

Consider reverting to the original Convex token code for the mint function.
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels May 18, 2022
code423n4 added a commit that referenced this issue May 18, 2022
@code423n4
marcopaladin issue #97
6e01d5f
@0xMaharishi
Copy link

The deploySystem script always passes a value of 5e25 to the init fn, and the system therefore works as intended. However you are right in that there is room for a bug here if the deploy script is misconfigured. We should have the init fn hard coded to 50m

@0xMaharishi 0xMaharishi added disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons labels May 25, 2022
@0xMaharishi
Copy link

Again, the sensationalist language used in this report is way off. You can see in the deploy script that init is called with 5e25. We should have an explicit check to run this though.

@0xMaharishi
Copy link

I recommend this being a 0 or 1 severity. No funds can be touched and nothing back can really happen because its only a potential configuration issue

@0xMaharishi 0xMaharishi added sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") and removed sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons labels May 25, 2022
@0xMaharishi 0xMaharishi mentioned this issue May 26, 2022
Closed
@0xMaharishi 0xMaharishi added duplicate This issue or pull request already exists and removed sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") labels May 26, 2022
@dmvt
Copy link
Collaborator

dmvt commented Jun 20, 2022

I'm downgrading this to a gas issue because the impact of it happening would be that the sponsor would have to redeploy and waste gas. No funds are at risk.

@dmvt dmvt added G (Gas Optimization) and removed 3 (High Risk) Assets can be stolen/lost/compromised directly labels Jun 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) duplicate This issue or pull request already exists G (Gas Optimization)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dmvt @code423n4 @0xMaharishi