Skip to content
This repository has been archived by the owner on Oct 1, 2023. It is now read-only.

bin2chen - emissionsToken may be remain in the contract #170

Closed
sherlock-admin opened this issue Mar 27, 2023 · 0 comments
Closed

bin2chen - emissionsToken may be remain in the contract #170

sherlock-admin opened this issue Mar 27, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Mar 27, 2023
edited by github-actions bot
Loading

bin2chen

medium

emissionsToken may be remain in the contract

Summary

if NullEpoch, emissionsToken will remain in the contract.

Vulnerability Detail

When calling createEpochWithEmissions() to create an epoch, it will transfer the EmissionsToken to the vaults
The code is as follows:

    function createEpochWithEmissions(
        uint256 _marketId,
        uint40 _epochBegin,
        uint40 _epochEnd,
        uint16 _withdrawalFee,
        uint256 _permiumEmissions,
        uint256 _collatEmissions
    ) public returns (uint256 epochId, address[2] memory vaults) {
        // no need for onlyOwner modifier as createEpoch already has modifier
        (epochId, vaults) = createEpoch(
            _marketId,
            _epochBegin,
            _epochEnd,
            _withdrawalFee
        );

        emissionsToken.safeTransferFrom(treasury, vaults[0], _permiumEmissions);  //<-----transfer to vaults[0]
        ICarousel(vaults[0]).setEmissions(epochId, _permiumEmissions);  

        emissionsToken.safeTransferFrom(treasury, vaults[1], _collatEmissions); //<-----transfer to vaults[1]
        ICarousel(vaults[1]).setEmissions(epochId, _collatEmissions);
    }

when the user withdraw() in vaults, the token will be transferred to the user in proportion to the shares.
but the consideration is missing here if no one makes a deposit for this epoch. It will be triggerNullEpoch()
In this case, no one can withdraw(), and the emissionsToken will remain in the contract.
recommended that if NullEpoch, return the emissionsToken to treasury

Impact

emissionsToken may be locked in the contract

Code Snippet

https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/CarouselFactory.sol#L132

Tool used

Manual Review

Recommendation

+    function backEmissionToken(uint256 _id) external       
+                epochIdExists(_id)
+                epochHasEnded(_id)
+                nonReentrant 
+                onlyFactory {
+            if(finalTVL[_id]==0){
+                emissionsToken.safeTransfer(treasury, emissions[_id]);
+            }
+    }

Duplicate of #122
@github-actions github-actions bot closed this as completed Apr 3, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Apr 3, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Apr 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin