Inside Multicall, wrong parameters passed into state.validateBorrowATokenIncreaseLteDebtTokenDecrease allow unintended behaviour where the total supply of borrowATokens exceeds borrowATokenCap despite not being for the purpose of decreasing debt #294
Labels: 2 (Med Risk: assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (something isn't working); duplicate-238; 🤖_48_group (AI based duplicate group recommendation); satisfactory (satisfies C4 submission criteria; eligible for awards); sufficient quality report (this report is of sufficient quality)
Lines of code
https://github.com/code-423n4/2024-06-size/blob/8850e25fb088898e9cf86f9be1c401ad155bea86/src/libraries/Multicall.sol#L29-L42
Vulnerability details
Impact
Inside multicall, wrong parameters passed into state.validateBorrowATokenIncreaseLteDebtTokenDecrease allow unintended behaviour where borrowAToken.totalSupply() exceeds borrowATokenCap despite the deposit not being for the purpose of decreasing debt. This compromises the integrity of state.riskConfig.borrowATokenCap, as users can easily deposit USDC into the pool far exceeding the borrowATokenCap even though it is not for reducing debt.
Proof of Concept
The piece of code below shows how user Alice can deposit 2 Million USDC even though the token cap is 1 Million.
The purpose of calling state.validateBorrowATokenIncreaseLteDebtTokenDecrease at the end of multicall is to allow users to deposit more tokens than the cap allows if it is for the sake of reducing debt. However, in the piece of code above, even though no debt was reduced, the user was still able to exceed the token cap.
Tools Used
Manual Review
Recommended Mitigation Steps
To fix the issue, instead of using borrowAToken.balanceOf(address(this)), use borrowAToken.totalSupply().
Assessed type
Invalid Validation
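As an added illustration (not the report's or the Size project's code), a small Python model of the multicall check described in the Proof of Concept and the mitigation above: the same validation is run with the two snapshot functions the report contrasts, the contract's own balanceOf(address(this)) versus totalSupply(). The Token class, the "size" address label and the scenario amounts are assumptions; the 1 Million cap and Alice's 2 Million deposit come from the report.

```python
from dataclasses import dataclass, field

SIZE = "size"     # label for the protocol contract's own address (assumed)
CAP = 1_000_000   # borrowATokenCap: 1 Million, as in the report

@dataclass
class Token:
    """Minimal mintable/burnable token keyed by holder."""
    balances: dict = field(default_factory=dict)
    def total_supply(self):
        return sum(self.balances.values())
    def balance_of(self, who):
        return self.balances.get(who, 0)
    def mint(self, who, amt):
        self.balances[who] = self.balance_of(who) + amt
    def burn(self, who, amt):
        self.balances[who] = self.balance_of(who) - amt

def validate(borrow_before, debt_before, borrow_after, debt_after, cap=CAP):
    """Model of validateBorrowATokenIncreaseLteDebtTokenDecrease: a supply
    increase may exceed the cap only when debt decreased by at least as much."""
    if borrow_after > borrow_before:
        increase = borrow_after - borrow_before
        decrease = debt_before - debt_after
        if decrease > 0:
            if increase > decrease:
                raise ValueError("BORROW_ATOKEN_INCREASE_EXCEEDS_DEBT_TOKEN_DECREASE")
        elif borrow_after > cap:
            raise ValueError("BORROW_ATOKEN_CAP_EXCEEDED")

def multicall(borrow_atoken, debt_token, calls, measure):
    """Snapshot supplies with `measure`, run the batched calls, then validate."""
    b0, d0 = measure(borrow_atoken), debt_token.total_supply()
    for call in calls:
        call()
    validate(b0, d0, measure(borrow_atoken), debt_token.total_supply())

buggy = lambda t: t.balance_of(SIZE)   # balanceOf(address(this)); the contract holds no aTokens
fixed = lambda t: t.total_supply()     # totalSupply(); the recommended mitigation

def scenario(measure, borrow_supply0, debt0, deposit_amt, repay_amt=0):
    """Constructed scenario: Alice repays `repay_amt` debt and deposits `deposit_amt` USDC in one multicall."""
    borrow = Token({"bob": borrow_supply0})   # aTokens already held by other users
    debt = Token({"alice": debt0})
    calls = [lambda: borrow.mint("alice", deposit_amt)]  # deposit mints aTokens to Alice
    if repay_amt:
        calls.insert(0, lambda: debt.burn("alice", repay_amt))
    try:
        multicall(borrow, debt, calls, measure)
        return "accepted"
    except ValueError as e:
        return str(e)
```

Under the buggy snapshot the contract's own balance never moves on a deposit, so the cap branch is never reached; with totalSupply() the 2 Million deposit is rejected while a deposit matched by an equal debt repayment still passes.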