Platform: Code4rena
Start Date: 09/12/2022
Pot Size: $90,500 USDC
Total HM: 35
Participants: 84
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 12
Id: 192
League: ETH
Rank: 52/84
Findings: 1
Award: $133.36
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xsomeone
Also found by: 0xhacksmithh, 8olidity, Critical, Ruhum, SamGMK, Secureverse, Tointer, __141345__, aviggiano, rotcivegaf
133.3608 USDC - $133.36
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L44
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L65
Users can withdraw more value than they deposited. This will lead to the vault losing value because stableVault treats all whiteListed tokens as the same.
A malicious actor deposits a whiteListed token with a low value and in return mints tigUsd tokens. They then call the withdrawal function and pass in a token with a higher value as their withdrawal token. The withdrawal function burns tigUsd and transfers their specified token amount, which has a higher value than the one they initially deposited.
Step 1 -> deposit -> 10 token A worth $90 -> receives 10 tigUsd
Step 2 -> withdraw -> 10 token B worth $100 -> burns 10 tigUsd
Manual
Track the particular tokens deposited by users and how much of it is in the vault.
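The accounting gap described in this finding, next to one reading of the recommended per-token tracking, as an added example that is not part of the original submission or the Tigris code base. The `Vault` class, the `track_deposits` flag, the per-unit prices and the starting reserves are assumptions built from the report's two steps.

```python
# Simplified accounting model, not the StableVault contract itself.
# Prices are constructed from the report's example:
# 10 token A worth $90, 10 token B worth $100.
from collections import defaultdict

PRICE_USD = {"A": 9, "B": 10}


class Vault:
    """Mints and burns tigUsd 1:1 for any whitelisted token."""

    def __init__(self, reserves, track_deposits):
        self.reserves = dict(reserves)       # token -> units held by the vault
        self.tig_usd = defaultdict(int)      # user -> tigUsd balance
        self.deposited = defaultdict(int)    # (user, token) -> units deposited
        self.track_deposits = track_deposits # hypothetical mitigation switch

    def deposit(self, user, token, amount):
        if token not in self.reserves:
            raise ValueError("token not whitelisted")
        self.reserves[token] += amount
        self.tig_usd[user] += amount
        self.deposited[(user, token)] += amount

    def withdraw(self, user, token, amount):
        if self.tig_usd[user] < amount or self.reserves.get(token, 0) < amount:
            raise ValueError("insufficient tigUsd or reserves")
        if self.track_deposits:              # cap at what this user put in
            if self.deposited[(user, token)] < amount:
                raise ValueError("exceeds user's deposit of this token")
            self.deposited[(user, token)] -= amount
        self.tig_usd[user] -= amount
        self.reserves[token] -= amount

    def value_usd(self):
        return sum(PRICE_USD[t] * n for t, n in self.reserves.items())


def net_value_change(track_deposits):
    """Replay the report's two steps; return the vault's USD gain or loss."""
    vault = Vault({"A": 0, "B": 10}, track_deposits)  # constructed reserves
    start = vault.value_usd()
    vault.deposit("user", "A", 10)           # step 1: 10 token A -> 10 tigUsd
    try:
        vault.withdraw("user", "B", 10)      # step 2: ask for 10 token B
    except ValueError:
        vault.withdraw("user", "A", 10)      # rejected: redeem the deposited token
    return vault.value_usd() - start
```

Without tracking the vault ends $10 poorer while the tigUsd supply is unchanged; with tracking the same sequence is value-neutral.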
#0 - c4-judge
2022-12-20T16:12:26Z
GalloDaSballo marked the issue as duplicate of #462
#1 - c4-judge
2023-01-22T17:36:48Z
GalloDaSballo marked the issue as satisfactory