0x46 - Improper validation of exitContribution #55

Open
sherlock-admin2 opened this issue Oct 31, 2024 · 1 comment
Labels: Sponsor Confirmed (The sponsor acknowledged this issue is valid); Will Fix (The sponsor confirmed this issue will be fixed)

sherlock-admin2 commented Oct 31, 2024

0x46

Medium

Improper validation of exitContribution

Summary

The missing check in BancorExchangeProvider.sol: setExitContribution() will cause transaction reversion in swap functions for users as the function allows exitContribution to reach its maximum value (MAX_WEIGHT), which creates divisibility issues in subsequent calculations.

Setting exitContribution to MAX_WEIGHT causes division by zero in calculations for determining scaledAmountIn and scaledAmountOut, leading to reverts in swap functions like _getScaledAmountIn and _getScaledAmountOut.

Root Cause

https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L265
fails to account for the scenario when exitContribution equals MAX_WEIGHT, which creates a division by zero issue in calculations, specifically:
https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L311
https://github.com/sherlock-audit/2024-10-mento-update/blob/main/mento-core/contracts/goodDollar/BancorExchangeProvider.sol#L345

Internal pre-conditions

Admin must call setExitContribution() and set exitContribution to exactly MAX_WEIGHT.

External pre-conditions

No response

Attack Path

No response

Impact

The protocol cannot process any transactions in affected pools as every swapIn or swapOut operation will revert. This causes a full denial of service on the impacted pools, affecting users attempting to transact.

PoC

No response

Mitigation

In BancorExchangeProvider.sol: setExitContribution(), update the requirement to prevent exitContribution from equaling MAX_WEIGHT:

require(exitContribution < MAX_WEIGHT, "Exit contribution is too high");

sherlock-admin3 changed the title from "Calm Sandstone Shell - Improper validation of exitContribution" to "0x46 - Improper validation of exitContribution" on Nov 5, 2024

@sherlock-admin2

The protocol team fixed this issue in the following PRs/commits:
mento-protocol/mento-core#549

sherlock-admin3 added the Sponsor Confirmed and Will Fix labels on Nov 28, 2024
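
The boundary condition reported in this issue, as an added Solidity sketch that is not the Mento contract and not code from this thread. The contract names, the `<=` form of the original check, the 1e8 scale for `MAX_WEIGHT` and the gross-up formula in `grossUpForExit` are assumptions used to show why a contribution equal to `MAX_WEIGHT` leaves a zero denominator.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration, not the Mento contract. The formula in grossUpForExit()
/// is an assumption about how an exit contribution is applied to a sell amount.
contract ExitContributionModel {
    uint32 public constant MAX_WEIGHT = 1e8; // assumed scale: 1e8 == 100%
    uint32 public exitContribution;

    /// Assumed form of the check the report calls insufficient:
    /// MAX_WEIGHT itself is accepted.
    function setExitContributionLoose(uint32 value) external {
        require(value <= MAX_WEIGHT, "Exit contribution is too high");
        exitContribution = value;
    }

    /// Check from the Mitigation section: MAX_WEIGHT is rejected.
    function setExitContributionStrict(uint32 value) external {
        require(value < MAX_WEIGHT, "Exit contribution is too high");
        exitContribution = value;
    }

    /// Amount to sell so that netAmount remains after the contribution is taken.
    /// With exitContribution == MAX_WEIGHT the denominator is zero and
    /// Solidity 0.8 reverts with Panic(0x12).
    function grossUpForExit(uint256 netAmount) public view returns (uint256) {
        return (netAmount * MAX_WEIGHT) / (MAX_WEIGHT - exitContribution);
    }
}

/// Exercises both setters at the boundary value.
contract ExitContributionCheck {
    function run() external returns (bool looseReverts, bool strictRejects) {
        ExitContributionModel loose = new ExitContributionModel();
        loose.setExitContributionLoose(loose.MAX_WEIGHT()); // accepted
        try loose.grossUpForExit(1 ether) returns (uint256) {
            looseReverts = false;
        } catch {
            looseReverts = true; // every later quote or swap would revert
        }

        ExitContributionModel strict = new ExitContributionModel();
        try strict.setExitContributionStrict(strict.MAX_WEIGHT()) {
            strictRejects = false;
        } catch {
            strictRejects = true; // bad value never reaches storage
        }
    }
}
```

Under these assumptions `run()` returns `(true, true)`: the loose setter stores a value that makes every later calculation revert, while the strict setter rejects it at configuration time.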