You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 3, 2024. It is now read-only.
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared
Summary
LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared
Vulnerability Detail
The function addVault in LMPRegistry.sol is used to add vaults and removeVault is used to remove them. The addvault function updates the following enumerable sets: _vaults, _vaultsByAsset and _vaultsByType. The add function expects the vault being added to not be in these sets, or it will revert based on the return value.
if (!_vaults.add(vaultAddress)) revertVaultAlreadyExists(vaultAddress);
if (!_vaultsByAsset[asset].add(vaultAddress)) revertVaultAlreadyExists(vaultAddress);
if (!_vaultsByType[vaultType].add(vaultAddress)) revertVaultAlreadyExists(vaultAddress);
The issue is that the removeVault function does not update the _vaultsByType set. So when a vault is removed, the _vaultsByType[vaultType] set still contains the old vault address. So if the same vault is attempted to be added again, the addVault function will revert, since the _vaultsByType[vaultType].add(vaultAddress) function will return false.
Impact
Once removed vaults cannot be added back. This can lead to loss of funds if the vault is removed by mistake, or for re-configuration purposes.
sherlock-admin
changed the title
Faint Raisin Monkey - LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared
carrotsmuggler - LMPVaultRegistry removed vaults cannot be added again since _vaultsByType mapping is not cleared
Oct 3, 2023
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
carrotsmuggler
high
LMPVaultRegistry
removed vaults cannot be added again since_vaultsByType
mapping is not clearedSummary
LMPVaultRegistry
removed vaults cannot be added again since_vaultsByType
mapping is not clearedVulnerability Detail
The function
addVault
inLMPRegistry.sol
is used to add vaults andremoveVault
is used to remove them. Theaddvault
function updates the following enumerable sets:_vaults
,_vaultsByAsset
and_vaultsByType
. The add function expects the vault being added to not be in these sets, or it will revert based on the return value.The issue is that the
removeVault
function does not update the_vaultsByType
set. So when a vault is removed, the_vaultsByType[vaultType]
set still contains the old vault address. So if the same vault is attempted to be added again, theaddVault
function will revert, since the_vaultsByType[vaultType].add(vaultAddress)
function will return false.Impact
Once removed vaults cannot be added back. This can lead to loss of funds if the vault is removed by mistake, or for re-configuration purposes.
Code Snippet
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVaultRegistry.sol#L64-L82
Tool used
Manual Review
Recommendation
Clear the vault from the
_vaultsByType
set when a vault is removed.Duplicate of #674
The text was updated successfully, but these errors were encountered: