Loss in a strategy could prevent withdraws. #124
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-488
edited-by-warden
grade-b
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
satisfactory: satisfies C4 submission criteria; eligible for awards
Comments
code423n4 added the "2 (Med Risk)" and "bug" labels on Feb 23, 2023
  2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
code423n4 added the "3 (High Risk)" and "edited-by-warden" labels and removed the "2 (Med Risk)" label on Feb 24, 2023
  3 (High Risk): Assets can be stolen/lost/compromised directly
trust1995 marked the issue as duplicate of #710
trust1995 marked the issue as satisfactory
c4-judge added the "satisfactory" label on Mar 10, 2023
trust1995 marked the issue as duplicate of #488
c4-judge added the "downgraded by judge" and "QA (Quality Assurance)" labels and removed the "3 (High Risk)" label on Mar 20, 2023
trust1995 changed the severity to QA (Quality Assurance)
c4-judge removed the "downgraded by judge" label on Mar 23, 2023
This previously downgraded issue has been upgraded by trust1995
c4-judge added the "2 (Med Risk)", "downgraded by judge" and "QA (Quality Assurance)" labels and removed the "QA (Quality Assurance)" and "2 (Med Risk)" labels on Mar 23, 2023
trust1995 changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Vault/contracts/ReaperVaultV2.sol#L359
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Vault/contracts/ReaperVaultV2.sol#L392
https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Vault/contracts/ReaperVaultV2.sol#L436
Vulnerability details
Impact
When a withdraw happens on the Vault, if the amount required to be withdrawn is greater than the current balance of the Vault, the Vault will try to withdraw allocated funds from the strategies until it reaches the required amount to be withdrawn. The problem in such a scenario is that every time funds are withdrawn from a strategy, it will determine if the strategy got a loss or a gain, and in case of a loss we will be reporting this to our own accounting (the vault doesn't blindly trust the strategy). At the moment of reporting this loss, if the loss is greater than the allocation (which should be impossible), the whole transaction will be reverted, and so will the withdraw.
The strategy is an external contract of the Vault (even if we manage the code; here we use Granary in the current contest, which seems safe, but more will be added over time, which could introduce bugs) and we cannot fully control what it will return as a loss from a Vault perspective. I agree that it should never return a loss greater than the allocation, but if that ever happens due to a bug in the strategy (unexpected external condition to the strategy, which is why you added a problematic require in the first place in the vault), it would cause a problem for the entire vault withdraw process, which then could be problematic as depositors or the active pool cannot get funds back in a timely manner, until the strategy has a positive ROI. In case the strategy cannot come up with a positive ROI, funds would be locked into the strategy forever, which is a direct impact on funds, which is why I classify this issue as High.
Proof of Concept
For example, if you simulate the existing Granary strategy behaving badly (by simulating the behavior I explained) and run the following test, the issue will happen and the test will fail.
Tools Used
Code examination and test from starter-test.js
Recommended Mitigation Steps
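A simplified Python model of the withdraw path this report describes, added here as an illustration; it is not ReaperVaultV2 code and not the warden's test. The class names, the queue handling and every number are assumptions made for the example: a strategy that claims a loss above its allocation trips the vault's check, and any withdraw that has to touch that strategy reverts.

```python
import copy

class Revert(Exception):
    """Stands in for an EVM revert: the whole call is undone."""

class Strategy:
    def __init__(self, allocated, reported_loss=0):
        self.allocated = allocated          # vault-side record of funds lent out
        self.reported_loss = reported_loss  # loss the strategy claims on withdraw

    def withdraw(self, amount):             # -> (funds returned, loss claimed)
        return max(amount - self.reported_loss, 0), self.reported_loss

class Vault:
    def __init__(self, idle, strategies):
        self.idle, self.strategies = idle, strategies

    def _report_loss(self, strat, loss):
        if loss > strat.allocated:          # the check the report points at
            raise Revert("loss exceeds allocation")
        strat.allocated -= loss

    def _withdraw(self, amount):
        for strat in self.strategies:       # withdrawal queue, in order
            if self.idle >= amount:
                break
            want = min(amount - self.idle, strat.allocated)
            got, loss = strat.withdraw(want) if want else (0, 0)
            if loss:
                amount -= loss              # the withdrawer absorbs the loss
                self._report_loss(strat, loss)
            strat.allocated -= got
            self.idle += got
        paid = min(amount, self.idle)
        self.idle -= paid
        return paid

    def withdraw(self, amount):             # -> (succeeded, amount paid)
        snapshot = copy.deepcopy(self.__dict__)
        try:
            return True, self._withdraw(amount)
        except Revert:
            self.__dict__ = snapshot        # revert: no state change survives
            return False, 0

def demo():
    # Constructed numbers: the first strategy claims a loss above its allocation.
    vault = Vault(100, [Strategy(200, reported_loss=250), Strategy(500)])
    return vault.withdraw(80), vault.withdraw(50), vault.idle
```

In `demo()` the first withdraw is served from the idle balance and succeeds, while the second needs strategy funds and reverts, leaving the idle balance and allocations unchanged.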