This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

n33k - LMPVault: DoS when feeSink balance hits perWalletLimit #679

Open
sherlock-admin2 opened this issue Aug 30, 2023 · 0 comments
Labels
Has Duplicates: A valid issue with 1+ other issues describing the same vulnerability
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid

sherlock-admin2 commented Aug 30, 2023

n33k

medium

LMPVault: DoS when feeSink balance hits perWalletLimit

Summary

The LMPVault token share has a per-wallet limit. LMPVault collects fees as share tokens to the feeSink address. _collectFees will revert if it mints shares that make the feeSink balance hit the perWalletLimit.

Vulnerability Detail

_collectFees mints shares to feeSink.

function _collectFees(uint256 idle, uint256 debt, uint256 totalSupply) internal {
    address sink = feeSink;
    ....
    if (fees > 0 && sink != address(0)) {
        // Calculated separate from other mints as normal share mint is round down
        shares = _convertToShares(fees, Math.Rounding.Up);
        _mint(sink, shares);
        emit Deposit(address(this), sink, fees, shares);
    }
    ....
}

_mint calls _beforeTokenTransfer internally to check if the target wallet exceeds perWalletLimit.

function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override whenNotPaused {
    ....
    if (balanceOf(to) + amount > perWalletLimit) {
        revert OverWalletLimit(to);
    }
}

The _collectFees function will revert if balanceOf(feeSink) + fee shares > perWalletLimit. updateDebtReporting, rebalance and flashRebalance call _collectFees internally, so they will be non-functional.

Impact

updateDebtReporting, rebalance and flashRebalance won't be working if feeSink balance hits perWalletLimit.

Code Snippet

https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L823

https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L849-L851

https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L797

https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L703

https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L727

Tool used

Manual Review

Recommendation

Allow feeSink to exceed perWalletLimit.
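
The failure mode and the recommended exemption from the report above, as an added example that is not part of the original issue and not the LMPVault source. It is a simplified model: the `WalletLimitModel` contract, the `exemptFeeSink` switch, the reduced function signatures and the `feeShares` parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified model of the share accounting described in the report (not the LMPVault code).
// Only feeSink, perWalletLimit, OverWalletLimit, _mint, _collectFees, _beforeTokenTransfer
// and updateDebtReporting are names from the report; everything else is hypothetical.
contract WalletLimitModel {
    error OverWalletLimit(address to);

    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    uint256 public immutable perWalletLimit;
    address public immutable feeSink;
    // false = behaviour described in the report, true = recommended exemption
    bool public immutable exemptFeeSink;

    constructor(uint256 limit, address sink, bool exempt) {
        perWalletLimit = limit;
        feeSink = sink;
        exemptFeeSink = exempt;
    }

    function _beforeTokenTransfer(address to, uint256 amount) internal view {
        // Fix: fee shares are minted by the vault itself, so the cap is skipped for feeSink.
        if (exemptFeeSink && to == feeSink) return;
        if (balanceOf[to] + amount > perWalletLimit) revert OverWalletLimit(to);
    }

    function _mint(address to, uint256 amount) internal {
        _beforeTokenTransfer(to, amount);
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    // Stand-in for _collectFees: fee shares always go to feeSink.
    function _collectFees(uint256 feeShares) internal {
        if (feeShares > 0 && feeSink != address(0)) _mint(feeSink, feeShares);
    }

    // Stand-in for updateDebtReporting / rebalance / flashRebalance: each reaches
    // _collectFees, so all of them revert together once the sink would pass the cap.
    function updateDebtReporting(uint256 feeShares) external {
        _collectFees(feeShares);
    }
}
```

Deployed with `limit = 100` and `exempt = false`, `updateDebtReporting(60)` succeeds once and the second call reverts with `OverWalletLimit(feeSink)`; with `exempt = true` both calls succeed.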

@github-actions bot added the Medium and Has Duplicates labels Sep 11, 2023
@codenutt added the Sponsor Confirmed label Sep 13, 2023
@sherlock-admin changed the title from "Blurry Green Yak - LMPVault: DoS when feeSink balance hits perWalletLimit" to "n33k - LMPVault: DoS when feeSink balance hits perWalletLimit" Oct 3, 2023
@sherlock-admin added the Reward label Oct 3, 2023