Lybra Finance - caventa's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Lybra Finance

Findings Distribution

Researcher Performance

Rank: 65/132

Findings: 1

Award: $84.36

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: 0xRobocop

Also found by: Kenshin, RedTiger, caventa, gs8nrv, josephdara, smaul

Labels

bug
2 (Med Risk)
satisfactory
edited-by-warden
duplicate-3

Awards

84.3563 USDC - $84.36

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/configuration/LybraConfigurator.sol#L127
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/configuration/LybraConfigurator.sol#L198-L205
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/configuration/LybraConfigurator.sol#L331-L336
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/configuration/LybraConfigurator.sol#L338-L341

Vulnerability details

Impact

A wrong condition in setBadCollateralRatio allows a vaultBadCollateralRatio value larger than vaultSafeCollateralRatio to be set.

Proof of Concept

vaultBadCollateralRatio should always be less than vaultSafeCollateralRatio.

As shown in the code, vaultBadCollateralRatio defaults to vaultSafeCollateralRatio - 10 (see LybraConfigurator.sol#L338-L341 and LybraConfigurator.sol#L198-L205).

However, vaultBadCollateralRatio can be reset under a wrong condition (see the following code, LybraConfigurator.sol#L126-L130):

    function setBadCollateralRatio(address pool, uint256 newRatio) external onlyRole(DAO) {
        require(newRatio >= 130 * 1e18 && newRatio <= 150 * 1e18 && newRatio <= vaultSafeCollateralRatio[pool] + 1e19, "LNA"); // @audit-info WRONG!
        vaultBadCollateralRatio[pool] = newRatio;
        emit SafeCollateralRatioChanged(pool, newRatio);
    }

where the new vaultBadCollateralRatio may exceed vaultSafeCollateralRatio by up to 10, which is wrong.

Tools Used

Manual

Change LybraConfigurator#setBadCollateralRatio as follows:

    function setBadCollateralRatio(address pool, uint256 newRatio) external onlyRole(DAO) {
        --- require(newRatio >= 130 * 1e18 && newRatio <= 150 * 1e18 && newRatio <= vaultSafeCollateralRatio[pool] + 1e19, "LNA"); //@audit
        +++ require(newRatio >= 130 * 1e18 && newRatio <= 150 * 1e18 && newRatio <= vaultSafeCollateralRatio[pool] - 1e19, "LNA"); //@audit
        vaultBadCollateralRatio[pool] = newRatio;
        emit SafeCollateralRatioChanged(pool, newRatio);
    }
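To make the effect of the condition concrete, the following is an added Python model (not Lybra's code, and not part of the original finding) of the require as quoted above beside the corrected require recommended by the report. It keeps the contract's 1e18 fixed-point scale and the 130/150 bounds, and enumerates which whole-percent values each check admits that break the invariant bad < safe. The `Configurator` class, the simplified `set_safe` (which stores the value without the contract's own checks), and the sample safe ratios are constructed for illustration.

```python
# Added example: a model of LybraConfigurator.setBadCollateralRatio's require
# as quoted in the finding, beside the corrected condition. Not project code.

WAD = 10**18            # Solidity 1e18 fixed-point scale used by the contract
MIN_BAD = 130 * WAD     # lower bound in the require (130 * 1e18)
MAX_BAD = 150 * WAD     # upper bound in the require (150 * 1e18)
GAP = 10 * WAD          # 1e19: the 10-point gap between safe and bad ratio


def check_original(safe_ratio: int, new_ratio: int) -> bool:
    """The require as deployed: newRatio <= vaultSafeCollateralRatio[pool] + 1e19."""
    return MIN_BAD <= new_ratio <= MAX_BAD and new_ratio <= safe_ratio + GAP


def check_fixed(safe_ratio: int, new_ratio: int) -> bool:
    """The require as recommended: newRatio <= vaultSafeCollateralRatio[pool] - 1e19."""
    return MIN_BAD <= new_ratio <= MAX_BAD and new_ratio <= safe_ratio - GAP


def default_bad_ratio(safe_ratio: int) -> int:
    """Default bad ratio when none is set: safe ratio minus 10 points (as the finding describes)."""
    return safe_ratio - GAP


def invariant_holds(safe_ratio: int, bad_ratio: int) -> bool:
    """The invariant the finding states: bad ratio strictly below safe ratio."""
    return bad_ratio < safe_ratio


def admitted_violations(safe_ratio: int, check) -> list:
    """Whole-percent candidates in [130, 150] that `check` admits although they
    break bad < safe. An empty list means the check enforces the invariant."""
    violations = []
    for pct in range(130, 151):
        candidate = pct * WAD
        if check(safe_ratio, candidate) and not invariant_holds(safe_ratio, candidate):
            violations.append(pct)
    return violations


class Configurator:
    """Hypothetical minimal model of the configurator state (constructed, not the contract)."""

    def __init__(self, check):
        self.check = check            # which require to apply in set_bad
        self.safe = {}                # pool -> vaultSafeCollateralRatio
        self.bad = {}                 # pool -> vaultBadCollateralRatio (0 when unset)

    def set_safe(self, pool: str, ratio: int) -> None:
        # Simplified: the contract applies its own checks here; this model just stores.
        self.safe[pool] = ratio

    def set_bad(self, pool: str, ratio: int) -> None:
        if not self.check(self.safe[pool], ratio):
            raise ValueError("LNA")   # the contract's revert string
        self.bad[pool] = ratio

    def get_bad(self, pool: str) -> int:
        # Mirrors the getter's fallback: unset (0) means safe - 10 points.
        return self.bad.get(pool, 0) or default_bad_ratio(self.safe[pool])


if __name__ == "__main__":
    safe = 140 * WAD  # constructed sample safe ratio
    print("original check admits violating values:", admitted_violations(safe, check_original))
    print("fixed check admits violating values:   ", admitted_violations(safe, check_fixed))
    cfg = Configurator(check_original)
    cfg.set_safe("pool", safe)
    cfg.set_bad("pool", 150 * WAD)  # accepted by the deployed require, yet bad > safe
    print("bad < safe after set_bad:", invariant_holds(cfg.safe["pool"], cfg.get_bad("pool")))
```

With a safe ratio of 140%, the deployed condition admits every value from 140% to 150%, all of which put the bad ratio at or above the safe ratio; the corrected condition admits only 130%, the single value that keeps the 10-point gap. The `Configurator` run at the bottom shows the same thing through the state: the original check lets a DAO call leave the vault with `get_bad` returning a value above `safe`.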

Assessed type

Invalid Validation

#0 - c4-pre-sort

2023-07-08T21:41:02Z

JeffCX marked the issue as duplicate of #3

#1 - c4-judge

2023-07-28T15:44:48Z

0xean marked the issue as satisfactory
