You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 3, 2024. It is now read-only.
sherlock-admin opened this issue
Aug 30, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
A previously removed LMPVault can never been added to LMPVaultRegistry again
Summary
The removeVault() function of LMPVaultRegistry contract is missing to remove vaultAddress from _vaultsByType mapping, attempting to add a previously removed LMPVault would always revert.
Vulnerability Detail
Please look at the implementation of removeVault(), vaultAddress is removed from _vaultsByAsset mapping, but not removed from _vaultsByType mapping. Hence, addVault() with any previously removed vaultAddress would revert on L59.
File: src\vault\LMPVaultRegistry.sol
46: function addVault(addressvaultAddress) external onlyUpdater {
47: Errors.verifyNotZero(vaultAddress, "vaultAddress");
48:
49: ILMPVault vault =ILMPVault(vaultAddress);
50:
51: address asset = vault.asset();
52: bytes32 vaultType = vault.vaultType();
53:
54: if (!_vaults.add(vaultAddress)) revertVaultAlreadyExists(vaultAddress);
55: //slither-disable-next-line unused-return56: if (!_assets.contains(asset)) _assets.add(asset);
57:
58: if (!_vaultsByAsset[asset].add(vaultAddress)) revertVaultAlreadyExists(vaultAddress);
59: if (!_vaultsByType[vaultType].add(vaultAddress)) revertVaultAlreadyExists(vaultAddress);
60:
61: emitVaultAdded(asset, vaultAddress);
62: }
63:
64: function removeVault(addressvaultAddress) external onlyUpdater {
65: Errors.verifyNotZero(vaultAddress, "vaultAddress");
66:
67: // remove from vaults list68: if (!_vaults.remove(vaultAddress)) revertVaultNotFound(vaultAddress);
69:
70: address asset =ILMPVault(vaultAddress).asset();
71:
72: // remove from assets list if this was the last vault for that asset73: if (_vaultsByAsset[asset].length() ==1) {
74: //slither-disable-next-line unused-return75: _assets.remove(asset);
76: }
77:
78: // remove from vaultsByAsset mapping79: if (!_vaultsByAsset[asset].remove(vaultAddress)) revertVaultNotFound(vaultAddress);
80:
81: emitVaultRemoved(asset, vaultAddress);
82: }
Impact
Any previously removed LMPVaults can never been added to LMPVaultRegistry again
sherlock-admin2
changed the title
Obedient Sandstone Parrot - A previously removed LMPVault can never been added to LMPVaultRegistry again
KingNFT - A previously removed LMPVault can never been added to LMPVaultRegistry again
Oct 3, 2023
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
KingNFT
medium
A previously removed
LMPVault
can never been added toLMPVaultRegistry
againSummary
The
removeVault()
function ofLMPVaultRegistry
contract is missing to removevaultAddress
from_vaultsByType
mapping, attempting to add a previously removedLMPVault
would always revert.Vulnerability Detail
Please look at the implementation of
removeVault()
,vaultAddress
is removed from_vaultsByAsset
mapping, but not removed from_vaultsByType
mapping. Hence,addVault()
with any previously removedvaultAddress
would revert on L59.Impact
Any previously removed
LMPVaults
can never been added toLMPVaultRegistry
againCode Snippet
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVaultRegistry.sol#L64
Tool used
Manual Review
Recommendation
Removing
LMPVault
from_vaultsByType
mapping whenremoveVault()
.Duplicate of #674
The text was updated successfully, but these errors were encountered: