This repository has been archived by the owner on Oct 1, 2023. It is now read-only.
yixxas - It is still possible for users to lose their funds when the counterparty vault has no deposits #153
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
Escalation Resolved
This issue's escalations have been approved/rejected
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Comments
github-actions
bot
added
the
Excluded
|
Escalate for 10 USDC Dupe of #108 |
You've created a valid escalation for 10 USDC! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final. |
|
Escalation accepted Valid duplicate of #108 |
This issue's escalations have been accepted! Contestants' payouts and scores will be updated according to the changes made on this issue. |
sherlock-admin
added
Escalation Resolved
hrishibhat
added
Duplicate
sherlock-admin
added
Medium
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
yixxas
medium
It is still possible for users to lose their funds when the counterparty vault has no deposits
Summary
triggerNullEpoch()is implemented to protect against the case of when one side of the vault has no deposits. However, it is still possible for users to lose funds iftriggerNullEpoch()is not called before the end of the epoch, astriggerEndEpoch()can now be called.Vulnerability Detail
triggerNullEpoch()can be called by anyone once epoch has started and doing so will allow users to withdraw their assets from the vault if counterparty vault is empty. However, in the case where this is not called, for various reasons such as a downtime on arbitrum or simply having no one calling the function, users can lose their deposits.The issue here is that
triggerEndEpoch()can be called as long asblock.timestamp > uint256(epochEnd). This will lead to the same issue as found in H-04 in the previous Y2k audit done at C4. code-423n4/2022-09-y2k-finance-findings#312triggerEndEpoch()can be called regardless of whether it is possible to trigger null epoch. We should enforce the impossibility of it onchain and not rely or assume thattriggerNullEpoch()will always be triggered before epoch ends.Impact
Users can lose deposits when counterparty vault has 0 deposits.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L160
Tool used
Manual Review
Recommendation
Add an additional check to
triggerEndEpoch()to disallow calling of it should one side of the risk/hedge vault have 0 deposits and prevent it from being callable even ifblock.timestamp > uint256(epochEnd).Duplicate of #108
The text was updated successfully, but these errors were encountered: