010.md

Low Tangerine Cod

High

downsideProtected is not protected

Summary

downsideProtected is not protected

Root Cause

    function updateDownsideProtected(uint128 downsideProtectedAmount) external {
        downsideProtected += downsideProtectedAmount;
    }

Core_logic/CDS.sol#L829

For example:

  1. downsideProtected can be set to any value -> _updateCurrentTotalCdsDepositedAmount reverts -> deposit reverts.
  2. getTotalCdsDepositedAmount reverts -> withDraw in borrowing.sol reverts, so users cannot withdraw funds.
  3. getTotalCdsDepositedAmount reverts -> liquidationType1 reverts, so liquidation is DoSed.
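
The revert chain listed above, as an added model that is not the project's CDS.sol. Only updateDownsideProtected is taken from this report; the state layout, the admin role, the name updateDownsideProtectedRestricted and the bodies of the other functions are assumptions, chiefly that the total is computed by checked subtraction of downsideProtected.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added model, not the project's CDS.sol. Only updateDownsideProtected is
// taken from the report; state layout, admin role and the other bodies are
// assumptions chosen to show how the reverts propagate.
contract CdsModel {
    uint256 public totalCdsDepositedAmount;
    uint128 public downsideProtected;
    address public immutable admin; // assumed stand-in for the admin role

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // As reported: any caller can grow downsideProtected.
    function updateDownsideProtected(uint128 downsideProtectedAmount) external {
        downsideProtected += downsideProtectedAmount;
    }

    // Hypothetical name for the mitigated variant, gated as in the Mitigation.
    function updateDownsideProtectedRestricted(uint128 downsideProtectedAmount) external onlyAdmin {
        downsideProtected += downsideProtectedAmount;
    }

    // Assumed: checked subtraction (Solidity >= 0.8) reverts once
    // downsideProtected exceeds totalCdsDepositedAmount.
    function getTotalCdsDepositedAmount() public view returns (uint256) {
        return totalCdsDepositedAmount - downsideProtected;
    }

    // Assumed: deposit settles downsideProtected first, so it reverts too.
    function deposit(uint256 amount) external {
        _updateCurrentTotalCdsDepositedAmount();
        totalCdsDepositedAmount += amount;
    }

    function _updateCurrentTotalCdsDepositedAmount() internal {
        if (downsideProtected > 0) {
            totalCdsDepositedAmount -= downsideProtected;
            downsideProtected = 0;
        }
    }
}
```

In this model, once downsideProtected exceeds totalCdsDepositedAmount, both getTotalCdsDepositedAmount and deposit revert with an arithmetic underflow panic, and the restricted variant rejects any caller other than admin before the state is touched.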

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

increase downsideProtectedAmount to uint.max

Impact

Withdraw, liquidation, and deposit can be DoSed.

PoC

No response

Mitigation

-    function updateDownsideProtected(uint128 downsideProtectedAmount) external {
+    function updateDownsideProtected(uint128 downsideProtectedAmount) external onlyAdmin{
        downsideProtected += downsideProtectedAmount;
    }
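
Review bot: on the `+` line, onlyAdmin limits who can call the function, but the body still adds an unbounded uint128 to downsideProtected and nothing in this hunk lets the value be lowered, so a single mistaken privileged call leaves it inflated. Consider a require that bounds the new total before the `+=`, and emit an event when the value changes so the update is visible to monitoring. Also confirm that onlyAdmin matches the caller this function is meant to serve, since any other legitimate caller will now revert, and add a space between `onlyAdmin` and `{`.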