This repository has been archived by the owner on Feb 18, 2024. It is now read-only.

0x52 - ConvexSpell is completely broken for any curve LP that utilizes native ETH #105

Open
sherlock-admin2 opened this issue Aug 15, 2023 · 1 comment
Labels
Has Duplicates: A valid issue with 1+ other issues describing the same vulnerability
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Will Fix: The sponsor confirmed this issue will be fixed

Comments

sherlock-admin2 commented Aug 15, 2023

0x52

medium

ConvexSpell is completely broken for any curve LP that utilizes native ETH

Summary

When a Curve pool utilizes native ETH it uses the address 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee. This is problematic because it will try to call balanceOf on this address which will always revert.

Vulnerability Detail

ConvexSpell.sol#L120-L127

    if (tokens.length == 2) {
        uint256[2] memory suppliedAmts;
        for (uint256 i; i != 2; ++i) {
            suppliedAmts[i] = IERC20Upgradeable(tokens[i]).balanceOf(
                address(this)
            );
        }
        ICurvePool(pool).add_liquidity(suppliedAmts, minLPMint);

ConvexSpell#openPositionFarm attempts to call balanceOf on each component of the LP. Since native ETH uses the 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee address, this call will always revert. This breaks compatibility with EVERY Curve pool that uses native ETH, which make up most of the highest volume pools on the platform.

Impact

ConvexSpell is completely incompatible with a majority of Curve pools

Code Snippet

ConvexSpell.sol#L92-L173

Tool used

Manual Review

Recommendation

I would recommend conversion between native ETH and wETH to prevent this issue.
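One way to apply this recommendation, as an added example that is not code from the project or from the original report: the sketch special-cases the native ETH placeholder, unwraps wETH, and forwards the amount as call value instead of calling balanceOf on an address that has no contract code. The names `NativeEthAwareAdder`, `IERC20Min`, `IWETH`, `ICurvePoolPayable` and `_addLiquidity2` are hypothetical, and it assumes the contract holds wETH and that the pool's `add_liquidity` is payable and expects the ETH amount as `msg.value`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Minimal interfaces, declared here for illustration only (hypothetical names).
interface IERC20Min { function balanceOf(address a) external view returns (uint256); }
interface IWETH is IERC20Min { function withdraw(uint256 amount) external; }
interface ICurvePoolPayable {
    // Assumption: two-coin pool whose add_liquidity accepts native ETH as call value.
    function add_liquidity(uint256[2] calldata amounts, uint256 minMint) external payable;
}

abstract contract NativeEthAwareAdder {
    // Placeholder address Curve uses for native ETH. No contract lives there,
    // so a high-level balanceOf call against it reverts.
    address internal constant ETH = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
    IWETH internal immutable weth;

    constructor(IWETH weth_) { weth = weth_; }

    // Needed so that wETH.withdraw can send ETH back to this contract.
    receive() external payable {}

    function _addLiquidity2(
        address pool,
        address[2] memory tokens,
        uint256 minLPMint
    ) internal {
        uint256[2] memory suppliedAmts;
        uint256 ethValue; // stays 0 for pools with no native ETH leg
        for (uint256 i; i != 2; ++i) {
            if (tokens[i] == ETH) {
                // Convert the wETH held by this contract into native ETH,
                // then read the ETH balance instead of calling balanceOf.
                uint256 wethBal = weth.balanceOf(address(this));
                if (wethBal != 0) weth.withdraw(wethBal);
                // Note: this also counts any ETH already sitting in the contract.
                suppliedAmts[i] = address(this).balance;
                ethValue = suppliedAmts[i];
            } else {
                suppliedAmts[i] = IERC20Min(tokens[i]).balanceOf(address(this));
            }
        }
        // The native ETH leg is supplied as call value, not via token approval.
        ICurvePoolPayable(pool).add_liquidity{value: ethValue}(suppliedAmts, minLPMint);
    }
}
```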

sherlock-admin2 commented

1 comment(s) were left on this issue during the judging contest.

0xyPhilic commented:

invalid because the design of the protocol does not show desire for ETH compatibility so the issue can be classified as informational

Gornutz added the Sponsor Disputed and Sponsor Confirmed labels and removed the Sponsor Disputed label Aug 19, 2023
sherlock-admin2 changed the title from "Magnificent Mercurial Swift - ConvexSpell is completely broken for any curve LP that utilizes native ETH" to "0x52 - ConvexSpell is completely broken for any curve LP that utilizes native ETH" Aug 25, 2023
sherlock-admin2 added the Reward label Aug 25, 2023
Gornutz added the Will Fix label Aug 29, 2023