New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Users may not be able to redeem their shares due to underflow #317
Comments
Coded POC is well documented -> Primary |
GalloDaSballo marked the issue as primary issue |
This is a known issue that we don't intend to fix. The issue is most likely to present itself at the very start of the ggAVAX and not during typical operation. There's a bit more explanation here: ERC4626-Alliance/ERC4626-Contracts#24 I don't believe redeeming max available is an appropriate solution because the spec for redeem reads
|
The Warden has shown a scenario in which While this can be attributed to rounding errors, it ultimately is possible for certain depositors to lose marginal amounts of their rewards or principal. Because of the reduced impact, I agree with Medium Severity This is a hedge case that has been argued to have happened very rarely, and for this reason, I maintain that the severity is Medium, but can agree with a nofix, as the worst case will require the Sponsor to offer a small amount of additional token, to allow the last withdrawer to maxRedeem |
GalloDaSballo marked the issue as selected for report |
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/TokenggAVAX.sol#L191
https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/TokenggAVAX.sol#L88
Vulnerability details
Impact
The
totalReleasedAssets
variable is updated on the syncRewards() function if someone calls the function beforerewardsCycleEnd
the redeemAVAX() will be reverted because thetotalReleasedAssets
may not include all the rewards.The ggAvax holder can not redeem his funds until the
rewardsCycleEnd
Proof of Concept
I did the next test:
Output:
Tools used
Foundry/VsCode
Recommended Mitigation Steps
Consider redeem the max available amount for the shares owner instead of revert. The
maxRedeem()
function amount is not the same as thepreviewRedeem()
amount.The text was updated successfully, but these errors were encountered: