Platform: Code4rena
Start Date: 17/03/2022
Pot Size: $30,000 USDC
Total HM: 8
Participants: 43
Period: 3 days
Judge: gzeon
Total Solo HM: 5
Id: 100
League: ETH
Rank: 36/43
Findings: 1
Award: $51.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: defsec
Also found by: 0x1f8b, 0xDjango, 0xNazgul, 0xkatana, 0xwags, CertoraInc, Funen, GeekyLumberjack, GreyArt, IllIllI, Kenshin, Ruhum, TerrierLover, WatchPug, berndartmueller, bugwriter001, cccz, cmichel, csanuragjain, hake, kenta, kirk-baird, leastwood, minhquanym, oyc_109, peritoflores, rayn, remora, rfa, robee, saian, samruna, sorrynotsorry, wuwe1
51.8842 USDC - $51.88
https://github.com/code-423n4/2022-03-prepo/blob/main/contracts/core/Collateral.sol#L169
Funds will be stuck in Collateral.sol
If _fee == _amountWithdrawn the withdraw will fail. If that is all that the account has left the funds will be stuck in the contract.
FEE_DENOMINATOR = 1000000 _redemptionFee = 100 _amountWithdrawn = 1
using the above settings _fee will equal 1 which will fail on the require statement require(_amountWithdrawn > _fee, "Withdrawal amount too small")
Remix / manual analysis
change the require statement to require(_amountWithdrawn >= _fee, "Withdrawal amount too small")
#0 - ramenforbreakfast
2022-03-22T23:49:22Z
This results in a negligible amount stuck. Unless it can be demonstrated that this edge case would result in more serious consequences, I will mark this as disputed.
#1 - gzeoneth
2022-04-03T14:01:49Z
Agree with sponsor, treating this as warden's QA Report
#2 - JeeberC4
2022-04-12T18:25:08Z
Judge downgraded, warden did not submit a QA report, preserving original title: Funds stuck in Collateral.sol by corner case