KupiaSec - The PsmLib.lvRedeemRaWithCtDs() function doesn't decrease the locked amount of RA #221

Closed
sherlock-admin2 opened this issue Sep 10, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

sherlock-admin2 commented Sep 10, 2024

KupiaSec

High

The PsmLib.lvRedeemRaWithCtDs() function doesn't decrease the locked amount of RA

Summary

The lvRedeemRaWithCtDs() function is invoked when exchanging CT + DS for RA (through redeemEarly -> _liquidateLpPartial -> _redeemCtDsAndSellExcessCt). This function only burns CT + DS without decreasing the locked amount of RA.

Vulnerability Detail

As you can see, the lvRedeemRaWithCtDs() function only burns CT + DS without decreasing the locked amount of RA. Consequently, psm.balances.ra.locked (which represents the amount of locked RA) will be greater than it should be, leading to a loss of funds for the protocol, as the locked RA will be distributed to users after expiry.

    function lvRedeemRaWithCtDs(State storage self, uint256 amount, uint256 dsId) internal {
        DepegSwap storage ds = self.ds[dsId];
        ds.burnBothforSelf(amount);
    }

Impact

Loss of RA for the protocol.

Code Snippet

https://github.com/sherlock-audit/2024-08-cork-protocol/tree/main/Depeg-swap/contracts/libraries/PsmLib.sol#L125-L128

Tool used

Manual Review

Recommendation

Also, decrease the locked amount of RA.

Duplicate of #166

@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. labels Sep 14, 2024
@sherlock-admin3 sherlock-admin3 changed the title Acrobatic Cider Cougar - The PsmLib.lvRedeemRaWithCtDs() function doesn't decrease the locked amount of RA KupiaSec - The PsmLib.lvRedeemRaWithCtDs() function doesn't decrease the locked amount of RA Sep 25, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Sep 25, 2024
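
An added example, not code from the report or from the Cork repository: a minimal Solidity model of the accounting drift the finding describes, with an invariant a test or monitor can assert. The contract, its function names, the 1:1 RA to CT + DS rate and the pro rata payout after expiry are assumptions made for illustration; only `psm.balances.ra.locked` is taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified accounting model written for this example; not Cork's PsmLib.
// Assumptions: 1 RA locks against 1 CT + DS pair, and after expiry the
// locked RA is shared pro rata among the remaining CT.
contract LockedRaModel {
    uint256 public lockedRa; // stands in for psm.balances.ra.locked
    uint256 public raHeld;   // RA the model actually holds
    uint256 public ctSupply; // outstanding CT (DS supply moves in step)

    // Locking RA mints the same amount of CT + DS.
    function deposit(uint256 amount) external {
        raHeld += amount;
        lockedRa += amount;
        ctSupply += amount;
    }

    // Mirrors the reported behaviour: RA leaves and CT + DS are burned,
    // but lockedRa is left untouched.
    function redeemAsReported(uint256 amount) external {
        ctSupply -= amount;
        raHeld -= amount;
    }

    // Mirrors the recommendation: the locked counter drops with the burn.
    function redeemWithFix(uint256 amount) external {
        ctSupply -= amount;
        raHeld -= amount;
        lockedRa -= amount;
    }

    // RA credited after expiry to a holder of `ctAmount` CT.
    function claimableAfterExpiry(uint256 ctAmount) external view returns (uint256) {
        return ctSupply == 0 ? 0 : (lockedRa * ctAmount) / ctSupply;
    }

    // Invariant to assert after every state change: the locked counter
    // matches outstanding CT and never exceeds the RA actually held.
    function lockedRaIsBacked() external view returns (bool) {
        return lockedRa == ctSupply && lockedRa <= raHeld;
    }
}
```

In this model, `deposit(100)` followed by `redeemAsReported(40)` leaves `raHeld` at 60 while `claimableAfterExpiry(60)` returns 100 and `lockedRaIsBacked()` returns false. The same sequence with `redeemWithFix(40)` yields a claim of 60 and the invariant holds.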