avaxAssignedHighWater is set wrongly in MinipoolManager.sol #193
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-566
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/MinipoolManager.sol#L373-L375
Vulnerability details
Impact
Detailed description of the impact of this finding.
avaxAssignedHighWater
is set wrongly inMinipoolManager.sol
at L373, particularly when the minipool was created viarecreateMinipool()
.Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
According to the documentation of
avaxAssignedHighWater
at L26 ofStaking.sol
, ”staker.item.avaxAssignedHighWater = Highest amt of liquid staker funds assigned during a GGP rewards cycle“.However,
avaxAssignedHighWater
is set wrongly inMinipoolManager.sol
at L373 below:It is wrong because instead of replacing the
avaxAssignedHighWater
with a larger value ofavaxAssigned
, it addsavaxLiquidStakerAmt
on top of the existingavaxAssignedHighWater
, which is inconsistent with the definition.In particular, when this minipool was created via
recreateMinipool()
, the newavaxLiquidStakerAmt
is a compound value which contains the originalavaxLiquidStakerAmt
ALREADY. The originalavaxLiquidStakerAmt
will be added AGAIN in this case, which is wrong. Therefore, the safest way is to assign the largeravaxAssigned
, based on the definition to be 100% correct.Tools Used
Remix
Recommended Mitigation Steps
We can fix it with the following code, which will replace the existing
avaxAssignedHighWater
with the current larger value ofavaxAssigned
using functionresetAVAXAssignedHighWater
.The text was updated successfully, but these errors were encountered: