Platform: Code4rena
Start Date: 02/08/2023
Pot Size: $42,000 USDC
Total HM: 13
Participants: 45
Period: 5 days
Judge: hickuphh3
Total Solo HM: 5
Id: 271
League: ETH
Rank: 16/45
Findings: 1
Award: $321.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: bin2chen
Also found by: Angry_Mustache_Man, Giorgio, dirk_y
321.319 USDC - $321.32
The _computeAvailable function in VaultBooster.sol could potentially overstate the available balance in certain situations. Two functions, liquidate and _accrue, rely on _computeAvailable to determine the available funds.
If the overstated balance from _computeAvailable is larger than _amountOut, the function would not revert as it should when there are insufficient real funds. This would lead to an inconsistent state where boost.available reflects a balance larger than the actual tokens available in the contract.
The vulnerability lies in the _computeAvailable function:
return boost.available + deltaAmount;
If deltaAmount is greater than the actual available balance, the function can return a value larger than the real balance of the contract. This impacts the normal functioning of functions that rely on _computeAvailable, such as liquidate and _accrue.
Manual review
To prevent this from happening, an additional check should be added to the _computeAvailable function to ensure that the returned value does not exceed the contract's actual balance. This could be implemented at the end of _computeAvailable.
uint256 computedAvailable = boost.available + deltaAmount;
return computedAvailable <= availableBalance ? computedAvailable : availableBalance;
Invalid Validation
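The accounting argument above can be checked with a small model. This is an added Python example, not code from VaultBooster.sol or from the submission. It assumes a linear accrual (deltaAmount = rate × elapsed time), and the names Boost, compute_available, liquidity_check_passes and find_overstatement are hypothetical.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Boost:
    available: int          # boost.available: tokens already accounted for
    tokens_per_second: int  # assumed linear accrual rate
    last_accrued_at: int    # assumed time of the last accrual


def compute_available(boost, balance, now, clamp):
    """Model of _computeAvailable; clamp=True applies the recommended cap."""
    delta_amount = boost.tokens_per_second * (now - boost.last_accrued_at)
    computed = boost.available + delta_amount
    # Recommended mitigation: never report more than the real token balance.
    return min(computed, balance) if clamp else computed


def liquidity_check_passes(boost, balance, now, amount_out, clamp):
    """Guard described in the finding: revert unless available >= _amountOut."""
    return compute_available(boost, balance, now, clamp) >= amount_out


def find_overstatement(clamp):
    """Search a small constructed state grid for computed > real balance."""
    grid = product(range(0, 301, 100),   # boost.available
                   range(0, 21, 10),     # tokens per second
                   range(0, 101, 50),    # seconds since last accrual
                   range(0, 601, 200))   # real token balance
    for avail, rate, elapsed, balance in grid:
        boost = Boost(avail, rate, 0)
        if compute_available(boost, balance, elapsed, clamp) > balance:
            return boost, balance, elapsed  # counterexample to the invariant
    return None


if __name__ == "__main__":
    # Constructed state: 100 accounted, 10 tokens/s for 50 s, 300 really held.
    b = Boost(available=100, tokens_per_second=10, last_accrued_at=0)
    print("unclamped:", compute_available(b, 300, 50, clamp=False))
    print("clamped:  ", compute_available(b, 300, 50, clamp=True))
    print("counterexample without clamp:", find_overstatement(False))
    print("counterexample with clamp:   ", find_overstatement(True))
```

The invariant being tested is that the computed available amount never exceeds the real balance; the same property can be asserted in a fuzz or invariant test against the contract itself.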
#0 - c4-pre-sort
2023-08-08T04:03:59Z
raymondfam marked the issue as duplicate of #90
#1 - c4-judge
2023-08-14T07:09:02Z
HickupHH3 marked the issue as satisfactory