processWithdrawals maxWithdrawalProcesses is verified incorrectly #21
Labels
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate
This issue or pull request already exists
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
code423n4
added
2 (Med Risk)
atvanguard
added
disagree with severity
|
Not leading to any kind of broken functionality so would classify as |
atvanguard
added
the
resolved
JasoonS
added
QA (Quality Assurance)
|
Grouping with warden's QA report #19 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/VUSD.sol#L57
Vulnerability details
Impact
Contract can go out of gas since contract will try to run withdrawal over and above maxWithdrawalProcesses limit
Proof of Concept
The processWithdrawals function at VUSD.sol#L53 is not imposing checks on maxWithdrawalProcesses correctly
Currently processWithdrawals will run for maxWithdrawalProcesses+1 so there will be one extra run which could cause undesired problems like Out of Gas
Assume maxWithdrawalProcesses was set to 1 and processWithdrawals is called
Since both start and i are 0 so (i - start) <= maxWithdrawalProcesses becomes 0-0<=1 which is true
After the loop completes i becomes 1, so (i - start) <= maxWithdrawalProcesses becomes 1-0<=1 which is again true. This means withdrawal will again run for second time which is incorrect since withdrawal was only allowed once
Recommended Mitigation Steps
Change the below while condition to (= removed):
The text was updated successfully, but these errors were encountered: