The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Accounting in EUR collateral lacks adequate validation

The vault's collateral value lacks adequate validation. The current implementation does not verify that the collateral value returned by the price calculator is valid, which can result in incorrect calculations and potentially in the liquidation of the vault.

The Vault calculates the total EUR value of all acceptedTokens from the Vault's balance of each of these tokens. The return value of the average price calculation is not validated, potentially resulting in a lower total EUR value than the contract really holds.

Vulnerability Details

https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L67-L73

Impact

The lack of adequate validation for the vault collateral value introduces a risk of incorrect financial calculations and undermines the reliability of the system's valuation process. This can potentially lead to financial inaccuracies and compromise the integrity of the vault's operations.

POC

  • The Vault has the following balances:
    • 1 wbtc
    • 500 arb
    • 2 eth
  • The PriceCalculator returns correct values
  • 39,300 EUR is minted
  • The PriceCalculator then returns 0 for wbtc, while the other prices are still returned correctly

Token prices used: Sat, 30 Dec, 8:35 PM

What should have been returned

Collateral   Amount   Value (EUR)   Total Value in EUR
wbtc         1        38383.89      38,383.89
arb          500      1.36          680.23
eth          2        2083.07       4,166.13

Total EurCollateral value: 43,230.25 EUR

What is returned

Collateral   Amount   Value (EUR)   Total Value in EUR
wbtc         1        0             0
arb          500      1.36          680.23
eth          2        2083.07       4,166.13

Total EurCollateral value: 4,846.36 EUR

  • This results in an undercollateralized vault, which can be liquidated and lead to a loss of funds

Recommended Mitigation Steps

Check the return value of the PriceCalculator and revert if the price is zero.

function euroCollateral() private view returns (uint256 euros) {
    ITokenManager.Token[] memory acceptedTokens = getTokenManager().getAcceptedTokens();
    for (uint256 i = 0; i < acceptedTokens.length; i++) {
        ITokenManager.Token memory token = acceptedTokens[i];
-       euros += calculator.tokenToEurAvg(token, getAssetBalance(token.symbol, token.addr));
+       // reject a zero EUR value from the price calculator instead of silently under-counting it
+       uint256 avgPriceValue = calculator.tokenToEurAvg(token, getAssetBalance(token.symbol, token.addr));
+       require(avgPriceValue > 0, "invalid return price");
+       euros += avgPriceValue;
    }
}
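As an added illustration (not part of this submission or of The Standard's code), the following Python model replays the POC figures through an unguarded and a guarded version of the collateral sum and applies the vault's liquidation test. The 110% collateral requirement is an assumption, since the finding does not state the vault's rate.

```python
from decimal import Decimal

# Constructed POC data from the finding: EUR value of each vault balance as the
# PriceCalculator (tokenToEurAvg) reports it for 1 wbtc, 500 arb and 2 eth.
HEALTHY_VALUES = {
    "wbtc": Decimal("38383.89"),
    "arb": Decimal("680.23"),
    "eth": Decimal("4166.13"),
}
# Same vault after the wbtc feed starts returning 0.
FAULTY_VALUES = {**HEALTHY_VALUES, "wbtc": Decimal("0")}

MINTED_EUR = Decimal("39300")
# Assumed 110% collateral requirement; the finding does not state the vault's rate.
COLLATERAL_RATE = Decimal("1.10")


class InvalidPrice(Exception):
    """Equivalent of the suggested require(avgPriceValue > 0) revert."""


def euro_collateral(values, guarded=False):
    """Model of SmartVaultV3.euroCollateral(): sum the EUR value of every
    accepted token. With guarded=True a zero value aborts the whole
    calculation instead of silently lowering the total."""
    euros = Decimal("0")
    for symbol, value in values.items():
        if guarded and value <= 0:
            raise InvalidPrice(f"invalid return price for {symbol}")
        euros += value
    return euros


def is_undercollateralised(collateral_eur):
    """Vault is liquidatable when minted debt times the rate exceeds collateral."""
    return MINTED_EUR * COLLATERAL_RATE > collateral_eur


def vault_status(values, guarded=False):
    """'healthy', 'liquidatable', or 'reverted' (guarded path rejected a price)."""
    try:
        collateral = euro_collateral(values, guarded)
    except InvalidPrice:
        return "reverted"
    return "liquidatable" if is_undercollateralised(collateral) else "healthy"


if __name__ == "__main__":
    for name, values in (("healthy feed", HEALTHY_VALUES), ("wbtc feed = 0", FAULTY_VALUES)):
        print(f"{name}: unguarded={vault_status(values)}, guarded={vault_status(values, True)}")
```

The guarded version fails closed: it raises rather than returning the under-counted 4,846.36 EUR, so the vault is never evaluated against a total that omits an asset it actually holds.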

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
