M-11 MitigationConfirmed #18
Labels
Comments
|
0xean marked the issue as satisfactory |
c4-judge
added
the
satisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
Vulnerability details
This issue is mitigated.
Explanation of found problem
This issue allows attacker to disable basket when unregistering of an asset that was not in the basket. It was possible to do, by gas amount manipulation. Attacker just needs to send not enough amount of gas to execute
basketHandler.quantityfunction. This will be then caught and basket will be disabled. As result of this, basket was disabled, which paused some system actions and could lead to some unneeded trading losses.How it was fixed
Reserve team has fixed this, by ensuring, that call was provided with enough amount of gas to be able to call
basketHandler.quantity. Now it's not possible to replay attack, as code ensures, thatGAS_FOR_BH_QTYamount of gas is sent withbasketHandler.quantitycall.The text was updated successfully, but these errors were encountered: