[WP-M17] USDMPegRecovery.sol#withdraw() withdraw may often fail #212
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-02-concur/blob/72b5216bfeaa7c52983060ebfc56e72e0aa8e3b0/contracts/USDMPegRecovery.sol#L110-L128
Vulnerability details
Per the doc:
https://github.com/code-423n4/2022-02-concur/blob/72b5216bfeaa7c52983060ebfc56e72e0aa8e3b0/contracts/USDMPegRecovery.sol#L110-L128
However, because the withdraw() function takes funds from the balance of the contract, once the majority of the funds are added to the Curve pool via provide(), withdraw() may often fail due to insufficient funds in the balance.
PoC
4M USDM and 4M pool3 tokens;
provide() and all the usdm and pool3 to usdm3crv;
withdraw(), the tx will fail, due to insufficient balance.
Recommendation
Consider calling usdm3crv.remove_liquidity_one_coin() when the balance is insufficient for the user's withdrawal.
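The PoC and the recommended fallback, modelled as an added Python example (not the contract's code and not from the original report). The class, the method names other than deposit/provide/withdraw, the user "alice" and the 1M withdrawal amount are hypothetical; it assumes 1 LP token per deposited token with no fees or slippage.

```python
# Constructed toy model of this finding; 1 LP token per deposited token, no fees.
COINS = ("usdm", "pool3")

class InsufficientBalance(Exception):
    """Stands in for the token-transfer revert."""

class PegRecoveryModel:
    def __init__(self, fallback_to_pool):
        self.idle = dict.fromkeys(COINS, 0)  # tokens held by the contract itself
        self.lp = 0                          # usdm3crv position built by provide()
        self.deposits = {}                   # user -> recorded deposit per coin
        self.fallback_to_pool = fallback_to_pool

    def deposit(self, user, coin, amount):
        rec = self.deposits.setdefault(user, dict.fromkeys(COINS, 0))
        rec[coin] += amount
        self.idle[coin] += amount

    def provide(self):  # all idle usdm and pool3 go to the pool, as in the PoC
        self.lp += sum(self.idle.values())
        self.idle = dict.fromkeys(COINS, 0)

    def _remove_liquidity_one_coin(self, coin, amount):  # stand-in for the Curve call
        if amount > self.lp:
            raise InsufficientBalance("pool position too small")
        self.lp -= amount
        self.idle[coin] += amount

    def withdraw(self, user, coin, amount):
        rec = self.deposits.get(user, {})
        if amount > rec.get(coin, 0):
            raise ValueError("exceeds recorded deposit")
        shortfall = amount - self.idle[coin]
        if shortfall > 0:
            if not self.fallback_to_pool:
                raise InsufficientBalance(f"contract holds {self.idle[coin]} {coin}")
            self._remove_liquidity_one_coin(coin, shortfall)  # recommended fallback
        self.idle[coin] -= amount
        rec[coin] -= amount
        return amount

def run_poc(fallback_to_pool):
    c = PegRecoveryModel(fallback_to_pool)
    for coin in COINS:
        c.deposit("alice", coin, 4_000_000)  # "alice" is a constructed user
    c.provide()
    try:
        return c.withdraw("alice", "pool3", 1_000_000), c.lp
    except InsufficientBalance:
        return "revert", c.lp
```

In a real pool the one-coin removal is subject to fees and slippage, so an on-chain fix would also need a minimum-received bound on that call.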