Platform: Code4rena
Start Date: 20/01/2022
Pot Size: $80,000 USDC
Total HM: 5
Participants: 37
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 1
Id: 76
League: ETH
Rank: 14/37
Findings: 1
Award: $1,095.71
Selected for report: 1
Solo Findings: 0
1095.7138 USDC - $1,095.71
kenzo
The escalate function tries to check that the user has sent enough funds to stake, before proceeding.
But it is checking the wrong value: it is checking that the user has sent BOND, which is ~10k and less than the actual staking bond, which is around ~20k.
The check/revert is wrong and ineffective. The user might have sent the wrong amount, and their transaction would then get reverted later, losing the funds spent on gas.
The bond is only 9,600 USDC. (Bond, not James Bond.)
The escalate function checks that the user has sent at least BOND tokens, and reverts if not.
But during escalate, UMA will claim more tokens than BOND: she will claim bond+finalFee during requestAndProposePriceFor, and will claim an additional bond+finalFee during disputePriceFor.
Therefore, checking that the user only sent BOND is an ineffective check.
Change the check to verify that the user has sent the full staking amount: 2*bond + 2*finalFee.
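The check mismatch described above, as an added illustration that is not the audited Sherlock contract and not UMA's real interface: the IOracleStub interface, its simplified parameter lists, the contract name and the 9,600 USDC BOND constant are stand-ins chosen for this example, and the only oracle behaviour modelled is that each of the two calls pulls bond + finalFee from the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface used below.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical, simplified stand-in for UMA's optimistic oracle (the real
// parameter lists differ). Only the behaviour the finding relies on is modelled:
// each of the two calls pulls bond + finalFee from msg.sender.
interface IOracleStub {
    function finalFee() external view returns (uint256);
    function requestAndProposePriceFor(bytes32 id, uint256 bond) external;
    function disputePriceFor(bytes32 id) external;
}

contract EscalateCheck {
    uint256 public constant BOND = 9600e6; // 9,600 USDC (6 decimals), per the finding
    IERC20 public immutable usdc;
    IOracleStub public immutable oracle;

    constructor(IERC20 _usdc, IOracleStub _oracle) {
        usdc = _usdc;
        oracle = _oracle;
        // Let the oracle pull bond + finalFee from this contract on each call.
        _usdc.approve(address(_oracle), type(uint256).max);
    }

    // What the oracle actually pulls across both calls: 2*bond + 2*finalFee.
    function stakeRequired() public view returns (uint256) {
        return 2 * (BOND + oracle.finalFee());
    }

    // Before: the check only covers BOND, which is less than half of what the two
    // oracle calls pull. With amount == BOND the check passes and the transaction
    // reverts later, inside the oracle's own transferFrom, after most of the gas
    // has been spent and without a readable reason from this contract.
    function escalateVulnerable(bytes32 id, uint256 amount) external {
        require(amount >= BOND, "Insufficient stake");
        require(usdc.transferFrom(msg.sender, address(this), amount), "transfer failed");
        oracle.requestAndProposePriceFor(id, BOND); // pulls BOND + finalFee
        oracle.disputePriceFor(id);                 // pulls another BOND + finalFee
    }

    // After: check the full staking amount up front, so an underfunded call fails
    // immediately with a meaningful reason.
    function escalateFixed(bytes32 id, uint256 amount) external {
        require(amount >= stakeRequired(), "Insufficient stake: need 2*bond + 2*finalFee");
        require(usdc.transferFrom(msg.sender, address(this), amount), "transfer failed");
        oracle.requestAndProposePriceFor(id, BOND);
        oracle.disputePriceFor(id);
    }
}
```

The fixed variant reads finalFee from the oracle at call time rather than hard-coding it, so the check stays correct if the fee is changed on the UMA side.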
#0 - Evert0x
2022-02-09T19:21:54Z
G gas issue
#1 - jack-the-pug
2022-03-28T04:34:31Z
The downside of not having the check earlier is that the user won't get a readable error.
If one of the reasons to have that check in the first place is to give the user a meaningful error when the amount is not sufficient, then we should probably update the check and make it more precise.
The same issue was also noticed by GreyArt at #227. I believe it's more fair to put a low than a gas for this finding.