Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PositionActionPendle needs predefined amount which cannot be accurately calculated #117

Closed
c4-bot-8 opened this issue Aug 15, 2024 · 2 comments
Closed

PositionActionPendle needs predefined amount which cannot be accurately calculated #117

c4-bot-8 opened this issue Aug 15, 2024 · 2 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-87 🤖_54_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards sufficient quality report This report is of sufficient quality

Comments

@c4-bot-8
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2024-07-loopfi/blob/57871f64bdea450c1f04c9a53dc1a78223719164/src/proxy/PositionActionPendle.sol#L61-L65

Vulnerability details

Impact

Transactions can revert/user's can loose assets when performing PositionActionPendle's _onIncreaseLever

Proof of Concept

PositionActionPendle's _onIncreaseLever function adds liquidity to the Pendle pool. The amount of tokens to be added has to be precomputed before the call itself

    function _onIncreaseLever(
        LeverParams memory leverParams,
        address /*upFrontToken*/,
        uint256 /*upFrontAmount*/,
        uint256 /*swapAmountOut*/
    ) internal override returns (uint256 addCollateralAmount) {
        if (leverParams.auxAction.args.length != 0) {
            _delegateCall(
                address(poolAction), abi.encodeWithSelector(poolAction.join.selector, leverParams.auxAction)
            );

But since the actual amount of tokens that will be available is dependent on the slippage of the swap performed earlier, the calculated amount can be incorrect causing either the transaction to revert or any additional tokens to be lost

    function onFlashLoan(
        address /*initiator*/,
        address /*token*/,
        uint256 amount,
        uint256 fee,
        bytes calldata data
    ) external returns (bytes32) {
        
        ....
        
        bytes memory swapData = _delegateCall(
            address(swapAction),
            abi.encodeWithSelector(swapAction.swap.selector, leverParams.primarySwap)
        );
        uint256 swapAmountOut = abi.decode(swapData, (uint256));


        // deposit collateral and handle any CDP specific actions
        uint256 collateral = _onIncreaseLever(leverParams, upFrontToken, upFrontAmount, swapAmountOut);

Tools Used

Manual review

Recommended Mitigation Steps

Use the actual obtained amount similar to the one implemented for balancer's join

Assessed type

Other
@c4-bot-8 c4-bot-8 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Aug 15, 2024
c4-bot-2 added a commit that referenced this issue Aug 15, 2024
@c4-bot-2
hash issue #117
fd64325
@c4-bot-11 c4-bot-11 added the 🤖_54_group AI based duplicate group recommendation label Aug 15, 2024
@howlbot-integration howlbot-integration bot added sufficient quality report This report is of sufficient quality duplicate-86 labels Aug 20, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Oct 1, 2024

koolexcrypto marked the issue as duplicate of #87

@c4-judge
Copy link
Contributor

c4-judge commented Oct 1, 2024

koolexcrypto marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-87 🤖_54_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@c4-judge @c4-bot-8 @c4-bot-11 @c4-bot-12