Labels: Duplicate (a valid issue that is a duplicate of an issue with the `Has Duplicates` label); Medium (a Medium severity issue); Reward (a payout will be made for this issue)
VaultLib::__addLiquidityToAmmUnchecked() does not deal with the remaining amounts not sent to the amm, losing them
Summary
VaultLib::__addLiquidityToAmmUnchecked() sets a tolerance for the Ra and Ct tokens to provide liquidity, which means it will not revert in case the tokens up to the tolerance are not provided as liquidity to the Amm. However, it does not track the funds that were not provided to the liquidity, leaving them untracked in the Vault.
Root Cause
In VaultLib:45, the remaining Ra and Ct not provided as liquidity are left untracked and are lost.
Internal pre-conditions
None.
External pre-conditions
None.
Attack Path
VaultLib::__addLiquidityToAmmUnchecked() is called by VaultLib::__provideLiquidity(), called by VaultLib::__provideLiquidityWithRatio() or __provideAmmLiquidityFromPool(), called when a fee is minted from user actions or a new issuance is started.
sherlock-admin3 changed the title from "Blurry Blush Mouse - VaultLib::__addLiquidityToAmmUnchecked() does not deal with the remaining amounts not sent to the amm, losing them" to "0x73696d616f - VaultLib::__addLiquidityToAmmUnchecked() does not deal with the remaining amounts not sent to the amm, losing them" on Sep 25, 2024
0x73696d616f
High
Impact
The protocol is left with stuck Ra and Ct.
PoC
VaultLib.sol
Mitigation
Get the actually provided amounts and track the unprovided to liquidity amounts to be dealt with.
Duplicate of #240
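The accounting gap and the proposed mitigation, modelled as an added example (not code from the report or from the audited contracts). The `Pool` and `Vault` classes, the ratio-matching rule in `add_liquidity` (modelled on a Uniswap-V2-style router) and the 5% tolerance are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:                      # hypothetical constant-product pool
    ra: int
    ct: int

    def add_liquidity(self, ra_want, ct_want, ra_min, ct_min):
        """Take tokens at the reserve ratio; return the amounts actually used."""
        ct_opt = ra_want * self.ct // self.ra
        if ct_opt <= ct_want:
            ra_used, ct_used = ra_want, ct_opt
        else:
            ra_used, ct_used = ct_want * self.ra // self.ct, ct_want
        if ra_used < ra_min or ct_used < ct_min:
            raise ValueError("outside tolerance")   # the only case that reverts
        self.ra += ra_used
        self.ct += ct_used
        return ra_used, ct_used

@dataclass
class Vault:                     # holds only the tokens earmarked for liquidity
    ra_held: int
    ct_held: int
    ra_tracked: int = 0          # leftovers recorded for later handling
    ct_tracked: int = 0

    def provide(self, pool, ra, ct, tolerance_bps, track_leftover):
        ra_min = ra * (10_000 - tolerance_bps) // 10_000
        ct_min = ct * (10_000 - tolerance_bps) // 10_000
        ra_used, ct_used = pool.add_liquidity(ra, ct, ra_min, ct_min)
        self.ra_held -= ra_used
        self.ct_held -= ct_used
        if track_leftover:       # mitigation: use the returned amounts
            self.ra_tracked += ra - ra_used
            self.ct_tracked += ct - ct_used
        return ra_used, ct_used

    def stuck(self):
        """Tokens held by the vault that no accounting entry refers to."""
        return self.ra_held - self.ra_tracked, self.ct_held - self.ct_tracked

def run(track_leftover):
    # Constructed numbers: pool at 1000 RA / 990 CT, 5% tolerance.
    vault, pool = Vault(100, 100), Pool(1000, 990)
    used = vault.provide(pool, 100, 100, 500, track_leftover)
    return used, vault.stuck()
```

With these constructed numbers the pool takes 100 Ra and 99 Ct without reverting; the remaining 1 Ct is stuck unless the vault records the difference between the requested and the returned amounts.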