The validateBorrowATokenIncreaseLteDebtTokenDecrease
is incorrect and can be easily bypassed
#243
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-238
🤖_48_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-06-size/blob/8850e25fb088898e9cf86f9be1c401ad155bea86/src/libraries/CapsLibrary.sol#L27
Vulnerability details
Impact
The
validateBorrowATokenIncreaseLteDebtTokenDecrease
function inCapsLibrary.sol
validates that the increase in borrow aToken supply is less than or equal to the decrease in debt token supply.The issue is that due to incorrect validation, it is almost impossible for the function to ever not be successful, even when it shouldn't be.
Proof of Concept
The function should revert if the debt increase is greater than the supply increase and the supply is above the cap.
Here is the validation that the supply is above the cap:
The issue is that the
borrowATokenSupplyAfter
is not the full supply of theborrowAToken
but instead the contract's balance. This implementation is sufficient for the rest of the function, but should not be used in this particular instance as it is almost impossible for the balance of the contract to ever reach the supply cap.However, in the current implementation, it is possible for the total supply of the borrow token to reach the supply cap and the required validation will still not be performed.
As a result, the
validateBorrowATokenIncreaseLteDebtTokenDecrease
will be bypassed in almost all cases, allowing for malicious actions to be performed.Tools Used
Manual review
Recommended Mitigation Steps
Consider performing the validation the following way:
Assessed type
Invalid Validation
The text was updated successfully, but these errors were encountered: