Overflow potential in processEpoch() #362
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-15
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/PublicVault.sol#L321-L337
Vulnerability details
Impact
In
PublicVault.sol#processEpoch()
, we update the withdraw reserves based on howtotalAssets()
(the real amount of the underlying asset held by the vault) compares to the expected value in the withdraw proxy:In the event that the
totalAssets()
is greater than expected, we take the surplus in assets multiply it by the withdraw ratio, and assign this value tos.withdrawReserve
.However, because this logic is wrapped in an
unchecked
block, it must have confidence that this calculation does not overflow. Because the protocol allows arbitrary ERC20s to be used, it can't have confidence in the size oftotalAssets()
, which opens up the possibility for an overflow in this function.Proof of Concept
mulWadDown
is calculated by first multiplying the two values, and then dividing by1e18
. This is intended to prevent rounding errors with the division, but also means that an overflow is possible when the two values have been multiplied, before any division has taken place.This unchecked block is safe from overflows if:
(totalAssets() - expected) * s.liquidationWithdrawRatio < 1e88
(because s.withdrawRatio is 88 bytes)liquidationWithdrawRatio
is represented as a ratio of WAD, so it will be in the1e17
-1e18
range, let's assume1e17
to be safetotalAssets() - expected < 1e61
Although this is unlikely with most tokens (and certainly would have been safe in the previous iteration of the protocol that only used
WETH
, when allowing arbitrary ERC20 tokens, this is a risk.Tools Used
Manual Review
Recommended Mitigation Steps
Remove the
unchecked
block around this calculation, or add an explicitly clause to handle the situation wheretotalAssets()
gets too large for the current logic.The text was updated successfully, but these errors were encountered: