Platform: Code4rena
Start Date: 22/05/2024
Pot Size: $20,000 USDC
Total HM: 6
Participants: 126
Period: 5 days
Judge: 0xsomeone
Total Solo HM: 1
Id: 379
League: ETH
Rank: 118/126
Findings: 1
Award: $0.01
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: robertodf99
Also found by: 0xAadi, 0xAkira, 0xdice91, 0xhacksmithh, 0xleadwizard, AgileJune, Bauchibred, Bbash, Beosin, Bigsam, Dots, EPSec, EaglesSecurity, Eeyore, Evo, John_Femi, Mahmud, MrPotatoMagic, RotiTelur, Rushkov_Boyan, Sabit, Sentryx, Stormreckson, Topmark, Tychai0s, Utsav, Walter, ZanyBonzy, ZdravkoHr, adam-idarrha, araj, aslanbek, avoloder, bigtone, brevis, brgltd, carrotsmuggler, crypticdefense, dd0x7e8, dhank, djanerch, falconhoof, iamandreiski, joaovwfreire, leegh, merlinboii, mitko1111, pamprikrumplikas, pfapostol, prapandey031, swizz, trachev, twcctop, typicalHuman, unique, xyz
0.0148 USDC - $0.01
https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L225-L226
If an approver approves the USD Price (by means of the `approveUSDPrice` function), and later they change their mind and attempt to disapprove it (by means of `disapproveUSDPrice`), they will not be able to do so, thus leading to approval outcomes which don't reflect the approver's real intention.
An approver approves the USD Price by calling the `approveUSDPrice` function.
```solidity
// LockManager.sol
function approveUSDPrice(uint256 _price) ... {
    ...
    usdUpdateProposal.approvals[msg.sender] = _usdProposalId;
    ...
}
```
Later on, they realize that the approval was erroneous and that the intention was in fact to disapprove the USD price (or they simply change their mind). They call the `disapproveUSDPrice` function expecting that the USD price will be disapproved. However, the function reverts because `usdUpdateProposal.approvals[msg.sender]` is already set to `_usdProposalId` for this particular approver.
```solidity
// LockManager.sol
function disapproveUSDPrice(uint256 _price) ... {
    ...
    // the function reverts on the following line
    if (usdUpdateProposal.approvals[msg.sender] == _usdProposalId)
        revert ProposalAlreadyApprovedError();
    ...
    // the following line will not be executed
    usdUpdateProposal.disapprovals[msg.sender] = _usdProposalId;
    ...
}
```
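A simplified model of the approve/disapprove bookkeeping walked through above, added here as an illustration; it is not code from `LockManager.sol`. The contract name, the tally fields, `AlreadyDisapprovedError` and the `disapproveSwitching` variant are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical model (not LockManager.sol): one open proposal, with
/// per-voter marks keyed by proposal id as in the excerpts above.
contract PriceVoteModel {
    error ProposalAlreadyApprovedError();
    error AlreadyDisapprovedError();             // assumed name for this model

    uint256 public proposalId = 1;               // assumed: ids start at 1, 0 = no vote
    mapping(address => uint256) public approvals;
    mapping(address => uint256) public disapprovals;
    uint256 public approvalsCount;               // assumed tally fields
    uint256 public disapprovalsCount;

    function approve() external {
        if (approvals[msg.sender] == proposalId) revert ProposalAlreadyApprovedError();
        // assumed mirror check: a disapprover cannot also approve
        if (disapprovals[msg.sender] == proposalId) revert AlreadyDisapprovedError();
        approvals[msg.sender] = proposalId;
        approvalsCount++;
    }

    /// Behaviour described in the finding: a prior approval blocks disapproval.
    function disapproveStrict() external {
        if (approvals[msg.sender] == proposalId) revert ProposalAlreadyApprovedError();
        if (disapprovals[msg.sender] == proposalId) revert AlreadyDisapprovedError();
        disapprovals[msg.sender] = proposalId;
        disapprovalsCount++;
    }

    /// Vote-switching variant: withdraw the earlier approval before recording
    /// the disapproval, so the voter is never counted on both sides.
    function disapproveSwitching() external {
        if (disapprovals[msg.sender] == proposalId) revert AlreadyDisapprovedError();
        if (approvals[msg.sender] == proposalId) {
            approvals[msg.sender] = 0;           // clear the stale approval mark
            approvalsCount--;                    // and remove it from the tally
        }
        disapprovals[msg.sender] = proposalId;
        disapprovalsCount++;
    }
}
```

Calling `approve()` and then `disapproveStrict()` from the same address reverts with `ProposalAlreadyApprovedError`, while `disapproveSwitching()` moves that address's vote from one side to the other.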
Remove the respective check:
// LockManager.sol function disapproveUSDPrice(uint256 _price) ... { ... - if (usdUpdateProposal.approvals[msg.sender] == _usdProposalId) - revert ProposalAlreadyApprovedError(); ... }
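Review bot: deleting the `approvals[msg.sender] == _usdProposalId` check in `disapproveUSDPrice` without any other change leaves the caller's earlier approval in place, so once the disapproval is written the same address holds `_usdProposalId` in both `approvals[msg.sender]` and `disapprovals[msg.sender]` for a single proposal. Rather than only dropping the revert, clear the caller's `approvals` entry in the same function before recording the disapproval, and reverse whatever tally the elided code keeps for approvals, so a changed vote is counted on one side only.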
Other
#0 - CloudEllie
2024-06-02T11:02:02Z
See sponsor comment on #76
#1 - c4-judge
2024-06-03T11:48:10Z
alex-ppg marked the issue as duplicate of #104
#2 - c4-judge
2024-06-05T12:42:48Z
alex-ppg marked the issue as satisfactory