Platform: Code4rena
Start Date: 13/03/2023
Pot Size: $72,500 USDC
Total HM: 33
Participants: 35
Period: 7 days
Judge: Dravee
Total Solo HM: 16
Id: 222
League: ETH
Rank: 30/35
Findings: 1
Award: $105.15
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: rbserver
Also found by: CRYP70, DadeKuma, Diana, sakshamguruji
105.1468 USDC - $105.15
https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L436
The function removeCollateral inside the Kangaroo vault is missing the modifier whenNotPaused. A similar pattern can be seen in the exchange contract here https://github.com/code-423n4/2023-03-polynomial/blob/main/src/Exchange.sol#L131 where it uses the modifier.
The protocol expects that removeCollateral should be called only when the modifier whenNotPaused passes. Though this is checked in the exchange contract, it is missing in the Kangaroo vault. See this test case:
function testCollateralManagement() public { //POC
    uint256 amt = 1e18;
    uint256 collDelta = 1000e18;

    // Open a position and let the pending order execute.
    kangaroo.openPosition(amt, 0);
    skip(100);
    kangaroo.executePerpOrders(emptyData);
    kangaroo.clearPendingOpenOrders(0);

    (,,,,,,, uint256 initialColl,) = kangaroo.positionData();
    kangaroo.addCollateral(collDelta);
    (,,,,,,, uint256 finalColl,) = kangaroo.positionData();
    assertEq(finalColl, initialColl + collDelta);

    // Pause collateral removal, then call the vault function anyway.
    systemManager.setStatusFunction("EXCHANGE_REMOVE_COLLATERAL" , true);
    kangaroo.removeCollateral(collDelta);

    // The collateral is back at its initial value: the call was not blocked.
    (,,,,,,, uint256 newColl,) = kangaroo.positionData();
    assertEq(newColl, initialColl);
}
Tweaked this test case and added the line systemManager.setStatusFunction("EXCHANGE_REMOVE_COLLATERAL" , true); even though paused, the function works just fine.
Manual analysis
Add the recommended modifier
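The comparison made in this finding (the same entry point is pause-guarded in one contract but not in another) can be automated as a review check. The script below is an added example, not part of the original submission or the project's code; the Solidity snippets are constructed, simplified stand-ins for the two contracts, and helperView, _rebalance and both function names in the script are hypothetical.

```python
import re

# Function header up to its opening brace or terminating semicolon.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)[{;]")
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def pause_guards(source, modifier="whenNotPaused"):
    """Map each external/public function name to whether `modifier` is applied."""
    guards = {}
    # Strip comments first so a modifier mentioned in a comment does not count.
    for name, attrs in FUNC_RE.findall(COMMENT_RE.sub("", source)):
        if re.search(r"\b(external|public)\b", attrs):
            guards[name] = bool(re.search(rf"\b{re.escape(modifier)}\b", attrs))
    return guards

def missing_pause_guards(reference_src, target_src):
    """Functions guarded in the reference contract but unguarded in the target."""
    ref = pause_guards(reference_src)
    tgt = pause_guards(target_src)
    return sorted(n for n, guarded in tgt.items() if not guarded and ref.get(n))

# Constructed sample: exchange-side function carrying the pause modifier.
EXCHANGE_SRC = """
contract Exchange {
    function removeCollateral(uint256 positionId, uint256 amount)
        external whenNotPaused("EXCHANGE_REMOVE_COLLATERAL") {}
    function helperView() public view returns (uint256) {}
}
"""

# Constructed sample: vault-side function without the modifier.
VAULT_SRC = """
contract KangarooVault {
    function removeCollateral(uint256 amount) external nonReentrant {
        /* whenNotPaused is not applied here */
    }
    function _rebalance(uint256 x) internal {}
}
"""

# Constructed sample: the vault after adding the recommended modifier.
VAULT_FIXED_SRC = VAULT_SRC.replace(
    "external nonReentrant",
    'external nonReentrant whenNotPaused("EXCHANGE_REMOVE_COLLATERAL")',
)

if __name__ == "__main__":
    print("unguarded in vault:", missing_pause_guards(EXCHANGE_SRC, VAULT_SRC))
    print("after fix:", missing_pause_guards(EXCHANGE_SRC, VAULT_FIXED_SRC))
```

The header matching is regex-based, so it is a triage aid for review rather than a substitute for a Solidity parser.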
#0 - c4-judge
2023-03-22T20:10:37Z
JustDravee marked the issue as duplicate of #232
#1 - c4-judge
2023-05-03T00:06:25Z
JustDravee marked the issue as satisfactory