This repository has been archived by the owner on Oct 1, 2023. It is now read-only.

bin2chen - triggerEndEpoch() miss check vault.totalAssets() equals 0 #213

sherlock-admin opened this issue Mar 27, 2023 · 0 comments

sherlock-admin commented Mar 27, 2023

bin2chen

medium

triggerEndEpoch() miss check vault.totalAssets() equals 0

Summary

triggerEndEpoch() is missing a check for vault.totalAssets() being equal to 0, but this is possible, and the premium will be lost.

Vulnerability Detail

triggerDepeg() has a check that vault.totalAssets() can't equal 0:

    function triggerDepeg(uint256 _marketId, uint256 _epochId) public {
...
        // check if epoch qualifies for null epoch
        if (
            premiumVault.totalAssets(_epochId) == 0 ||
            collateralVault.totalAssets(_epochId) == 0
        ) {
            revert VaultZeroTVL();
        }

But triggerEndEpoch() doesn't check that vault.totalAssets() can't equal 0.
The protocol does not limit the size of epochEnd-epochStart.
triggerEndEpoch() may not be called for some reason.
Or the period is very short, and triggerEndEpoch() may be maliciously called before triggerNullEpoch() is called.
If this happens and collateral.totalAssets() == 0, the premium will be lost.

Impact

The premium may be lost.

Code Snippet

https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Controllers/ControllerPeggedAssetV2.sol#L144

Tool used

Manual Review

Recommendation

    function triggerEndEpoch(uint256 _marketId, uint256 _epochId) public {
....
+        // check if epoch qualifies for null epoch
+        if (
+            premiumVault.totalAssets(_epochId) == 0 ||
+            collateralVault.totalAssets(_epochId) == 0
+        ) {
+            revert VaultZeroTVL();
+        }
...
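
Review bot: The comment on the added guard in triggerEndEpoch() ("check if epoch qualifies for null epoch") is copied from triggerDepeg() and does not say what a caller should do once the call reverts with VaultZeroTVL(). Since the report above expects such epochs to be settled through triggerNullEpoch(), say so in the comment, and add a test that calls triggerEndEpoch() with collateralVault.totalAssets(_epochId) == 0 and with premiumVault.totalAssets(_epochId) == 0 to confirm both cases revert.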

Duplicate of #108

@github-actions github-actions bot closed this as completed Apr 3, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Apr 3, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Apr 11, 2023