This repository has been archived by the owner on Mar 3, 2024. It is now read-only.
ast3ros - Vault cannot be added back into the vault registry #674
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
ast3ros
medium
Vault cannot be added back into the vault registry
Summary
The vault registry does not clear the vault type mapping when removing a vault, which prevents the same vault from being added back later.
Vulnerability Detail
When removing a vault from the registry, all states related to the vaults such as the
_vaults
,_assets
,_vaultsByAsset
are cleared except the_vaultsByType
state.https://github.com/sherlock-audit/2023-06-tokemak/blob/5d8e902ce33981a6506b1b5fb979a084602c6c9a/v2-core-audit-2023-07-14/src/vault/LMPVaultRegistry.sol#L64-L82
The uncleared
_vaultsByType
state will cause theaddVault
function to revert when trying to add the vault back into the registry even though the vault does not exist in the registry anymore.https://github.com/sherlock-audit/2023-06-tokemak/blob/5d8e902ce33981a6506b1b5fb979a084602c6c9a/v2-core-audit-2023-07-14/src/vault/LMPVaultRegistry.sol#L59
Impact
The
addVault
function is broken in the edge case when the updater tries to add the vault back into the registry after removing it. It affects all the operations of the protocol that rely on the vault registry.Code Snippet
https://github.com/sherlock-audit/2023-06-tokemak/blob/5d8e902ce33981a6506b1b5fb979a084602c6c9a/v2-core-audit-2023-07-14/src/vault/LMPVaultRegistry.sol#L64-L82
Tool used
Manual Review
Recommendation
Clear the
_vaultsByType
state when removing the vault from the registry.The text was updated successfully, but these errors were encountered: