Skip to content
This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

carrotsmuggler - LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared #817

Closed
sherlock-admin2 opened this issue Aug 30, 2023 · 0 comments
Closed

carrotsmuggler - LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared #817

sherlock-admin2 opened this issue Aug 30, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Aug 30, 2023
edited by sherlock-admin
Loading

carrotsmuggler

high

LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared

Summary

LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared

Vulnerability Detail

The function addVault in LMPRegistry.sol is used to add vaults and removeVault is used to remove them. The addvault function updates the following enumerable sets: _vaults, _vaultsByAsset and _vaultsByType. The add function expects the vault being added to not be in these sets, or it will revert based on the return value.

if (!_vaults.add(vaultAddress)) revert VaultAlreadyExists(vaultAddress);
if (!_vaultsByAsset[asset].add(vaultAddress)) revert VaultAlreadyExists(vaultAddress);
if (!_vaultsByType[vaultType].add(vaultAddress)) revert VaultAlreadyExists(vaultAddress);

The issue is that the removeVault function does not update the _vaultsByType set. So when a vault is removed, the _vaultsByType[vaultType] set still contains the old vault address. So if the same vault is attempted to be added again, the addVault function will revert, since the _vaultsByType[vaultType].add(vaultAddress) function will return false.

Impact

Once removed vaults cannot be added back. This can lead to loss of funds if the vault is removed by mistake, or for re-configuration purposes.

Code Snippet

https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVaultRegistry.sol#L64-L82

Tool used

Manual Review

Recommendation

Clear the vault from the _vaultsByType set when a vault is removed.

if (!_vaultsByType[vaultType].remove(vaultAddress)) revert VaultNotFound(vaultAddress);

Duplicate of #674
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Sep 11, 2023
@sherlock-admin sherlock-admin changed the title Faint Raisin Monkey - LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared carrotsmuggler - LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared Oct 3, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Oct 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin @sherlock-admin2