Skip to content

extra safety in distributeYieldForTreasuryAndReturnMarketAllocation #14

New issue
New issue
Open
Open
extra safety in distributeYieldForTreasuryAndReturnMarketAllocation#14
Labels
0 (Non-critical)bugSomething isn't workingdisagree with severityinvalidThis doesn't seem rightsponsor disputed
@code423n4

Description

@code423n4
code423n4
opened on Aug 6, 2021

Handle

gpersoon

Vulnerability details

Impact

The function distributeYieldForTreasuryAndReturnMarketAllocation can revert if totalRealized > totalHeld (as noted in the comments)

Although this very unlikely, the consequence will be large because distributeYieldForTreasuryAndReturnMarketAllocation is called by
_claimAndDistributeYieldThenRebalanceMarket , which is call by_updateSystemStateInternal.
So the entire market would no longer function.

As this edge case is easy to solve it seem like a now brainer to do.

Proof of Concept

//https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/YieldManagerAave.sol#L179
function distributeYieldForTreasuryAndReturnMarketAllocation(
..
uint256 totalHeld = aToken.balanceOf(address(this));
uint256 totalRealized = totalValueRealizedForMarket + totalReservedForTreasury + amountReservedInCaseOfInsufficientAaveLiquidity;
if (totalRealized == totalHeld) {
return 0;
}
// will revert in case totalRealized > totalHeld which should be never.
uint256 unrealizedYield = totalHeld - totalRealized;

Tools Used

Recommended Mitigation Steps

replace
if (totalRealized == totalHeld) { return 0; }
with
if (totalRealized >= totalHeld) { return 0; }

Metadata

Metadata

Assignees

No one assigned

    Labels

    0 (Non-critical)bugSomething isn't workingdisagree with severityinvalidThis doesn't seem rightsponsor disputed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions