Platform: Code4rena
Start Date: 21/08/2023
Pot Size: $125,000 USDC
Total HM: 26
Participants: 189
Period: 16 days
Judge: GalloDaSballo
Total Solo HM: 3
Id: 278
League: ETH
Rank: 165/189
Findings: 1
Award: $0.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xrafaelnicolau
Also found by: 0x111, 0xCiphky, 0xMosh, 0xWaitress, 0xc0ffEE, 0xkazim, 0xnev, 0xvj, ABAIKUNANBAEV, Aymen0909, Baki, ElCid, HChang26, HHK, Inspex, Jorgect, Kow, Krace, KrisApostolov, LFGSecurity, MiniGlome, Nyx, QiuhaoLi, RED-LOTUS-REACH, Talfao, Toshii, Vagner, Viktor_Cortess, Yanchuan, _eperezok, asui, atrixs6, bart1e, bin2chen, carrotsmuggler, chaduke, chainsnake, deadrxsezzz, degensec, dethera, dimulski, dirk_y, ether_sky, gizzy, glcanvas, grearlake, gumgumzum, halden, hals, kodyvim, koo, ladboy233, lanrebayode77, max10afternoon, minhtrng, mussucal, nobody2018, peakbolt, pontifex, qbs, ravikiranweb3, rvierdiiev, said, tapir, ubermensch, volodya, wintermute, yashar, zaevlad, zzebra83
0.0734 USDC - $0.07
Adding to a delegate (addToDelegate) increases totalWethDelegated, but withdraw does not reduce totalWethDelegated, which invalidates the protocol's accounting. This strongly affects sync(): the contract ends up largely out of sync because already-withdrawn ETH is subtracted when syncing.
```solidity
function testWithdraw() public {
    rdpxV2Core.addToDelegate(1 * 1e18, 10e8);
    rdpxV2Core.sync();
    // log the WETH reserve info and the contract's WETH balance before withdrawing
    (address t, uint o, ) = rdpxV2Core.getReserveTokenInfo("WETH");
    console.log(o, t, weth.balanceOf(address(rdpxV2Core)));

    // test withdraw with invalid delegate id
    vm.expectRevert(
        abi.encodeWithSelector(RdpxV2Core.RdpxV2CoreError.selector, 14)
    );
    rdpxV2Core.withdraw(1);

    // test withdraw without ownership
    vm.expectRevert(
        abi.encodeWithSelector(RdpxV2Core.RdpxV2CoreError.selector, 9)
    );
    vm.prank(address(1), address(1));
    rdpxV2Core.withdraw(0);

    // test withdraw successfully
    uint256 userBalance = weth.balanceOf(address(this));
    rdpxV2Core.withdraw(0);
    assertEq(weth.balanceOf(address(this)), userBalance + 1 * 1e18);
    (, uint256 amount, , uint256 activeCollateral) = rdpxV2Core.delegates(0);
    assertEq(amount, 0);
    assertEq(activeCollateral, 0);

    // sync again and log the same values after the withdrawal
    rdpxV2Core.sync();
    (t, o, ) = rdpxV2Core.getReserveTokenInfo("WETH");
    console.log(o, t, weth.balanceOf(address(rdpxV2Core)));

    // test withdraw with 0 amount
    vm.expectRevert(
        abi.encodeWithSelector(RdpxV2Core.RdpxV2CoreError.selector, 15)
    );
    rdpxV2Core.withdraw(0);

    // test partial amount
    rdpxV2Core.addToDelegate(2 * 1e18, 10e8);
    uint256[] memory _amounts = new uint256[](1);
    uint256[] memory _delegateIds = new uint256[](1);
    _delegateIds[0] = 1;
    _amounts[0] = 2 * 1e18;
    userBalance = weth.balanceOf(address(this));
    (, amount) = rdpxV2Core.calculateBondCost(2e18, 0);
    rdpxV2Core.bondWithDelegate(address(this), _amounts, _delegateIds, 0);
    rdpxV2Core.withdraw(1);
    assertEq(weth.balanceOf(address(this)), userBalance + (2e18 - amount));
}
```
Manual review
In withdraw, reduce totalWethDelegated by the amount withdrawn (totalWethDelegated - amountWithdrawn).
Error
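The accounting gap and the recommended mitigation side by side, as an added example that is not part of the original submission and not the RdpxV2Core source. It is a simplified model: `held` stands in for the contract's WETH balance, `sync()` is assumed to compute the reserve as balance minus `totalWethDelegated`, and every name other than `totalWethDelegated`, `addToDelegate`, `sync`, `delegates` and `activeCollateral` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Simplified model, not the RdpxV2Core source. `held` stands in for
// weth.balanceOf(core); helper and variable names are assumptions.
contract DelegateAccountingModel {
    struct Delegate { address owner; uint256 amount; uint256 activeCollateral; }
    Delegate[] public delegates;
    uint256 public held;               // WETH the contract actually holds
    uint256 public totalWethDelegated; // delegated WETH, excluded from reserves
    uint256 public wethReserve;        // reserve figure written by sync()

    function addToDelegate(uint256 amount) public returns (uint256 id) {
        held += amount;
        totalWethDelegated += amount;
        delegates.push(Delegate(msg.sender, amount, 0));
        id = delegates.length - 1;
    }

    // Behaviour the finding describes: WETH leaves, the total stays unchanged.
    function withdrawBuggy(uint256 id) public returns (uint256 out) {
        out = _release(id);
    }

    // Recommended mitigation: reduce the total by the amount withdrawn.
    function withdrawFixed(uint256 id) public returns (uint256 out) {
        out = _release(id);
        totalWethDelegated -= out;
    }

    function _release(uint256 id) internal returns (uint256 out) {
        Delegate storage d = delegates[id];
        require(d.owner == msg.sender, "not owner");
        out = d.amount - d.activeCollateral;
        require(out > 0, "nothing to withdraw");
        d.amount = d.activeCollateral;
        held -= out;
    }

    // Assumed shape of sync(). With a stale total the withdrawn WETH is subtracted
    // again; if the total exceeds the balance the checked subtraction reverts.
    function sync() public {
        wethReserve = held - totalWethDelegated;
    }

    // Invariant of this model that a fuzz or invariant test can assert after every call.
    function totalMatchesDelegates() public view returns (bool) {
        uint256 sum;
        for (uint256 i; i < delegates.length; i++) sum += delegates[i].amount - delegates[i].activeCollateral;
        return sum == totalWethDelegated;
    }
}
```

In this model `totalMatchesDelegates()` returns false after any `withdrawBuggy` call and stays true on the `withdrawFixed` path, which makes it a suitable assertion for an invariant test.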
#0 - c4-pre-sort
2023-09-07T07:40:49Z
bytes032 marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-09-07T07:40:54Z
bytes032 marked the issue as duplicate of #2186
#2 - bytes032
2023-09-07T07:41:05Z
Poor explanation, but has POC.
#3 - c4-judge
2023-10-20T17:53:18Z
GalloDaSballo marked the issue as satisfactory
#4 - c4-judge
2023-10-20T17:55:32Z
GalloDaSballo changed the severity to 2 (Med Risk)
#5 - c4-judge
2023-10-21T07:38:54Z
GalloDaSballo changed the severity to 3 (High Risk)
#6 - c4-judge
2023-10-21T07:42:57Z
GalloDaSballo marked the issue as partial-50