Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

An incorrect value of state.isDelinquent might impact the functionality of hook operations. #21

Closed
c4-bot-8 opened this issue Sep 18, 2024 · 1 comment
Closed

An incorrect value of state.isDelinquent might impact the functionality of hook operations. #21

c4-bot-8 opened this issue Sep 18, 2024 · 1 comment
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-18 sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-bot-8
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarketBase.sol#L542

Vulnerability details

Impact

By using an incorrect value for state.isDelinquent, hook operations may produce unexpected outcomes.

Proof of Concept

As market operations occur, we can generally assume they follow these steps:

  1. _getUpdatedState(): This step updates the scale factor and fees, processes withdrawal batches, and other preliminary tasks.
  2. Actions: Includes operations like depositing or claiming assets.
  3. Hooks: Invokes the corresponding hook functions of a hook instance.
  4. _writeState(): Finally updates state.isDelinquent and saves it to storage.

As outlined, state.isDelinquent isn't updated until _writeState is executed, yet it is referenced during steps 1-3. Throughout the codebase, we ensure that steps 1-3 do not rely on the state.isDelinquent value in a way that would lead to incorrect operations.

However, since hook templates are dynamically added by the protocol and markets will use them for extended hook monitoring, it is imperative to pass the correct value to hook functions that accurately reflects the current state.

Tools Used

Manual Review

Recommended Mitigation Steps

Update state.isDelinquent in _getUpdatedState function:

  function _getUpdatedState() internal returns (MarketState memory state) {
    state = _state;
+   bool isDelinquent = state.liquidityRequired() > totalAssets();
+   state.isDelinquent = isDelinquent;
    ...
  }

Assessed type

Error
@c4-bot-8 c4-bot-8 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Sep 18, 2024
c4-bot-8 added a commit that referenced this issue Sep 18, 2024
@c4-bot-8
KupiaSec issue #21
341e16a
@howlbot-integration howlbot-integration bot added sufficient quality report This report is of sufficient quality duplicate-18 labels Sep 20, 2024
@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Oct 3, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Oct 3, 2024

3docSec marked the issue as unsatisfactory:
Invalid

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-18 sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@c4-judge @c4-bot-8