Submission Details
Severity:
`LibFertilizer.beginBarnRaiseMigration()` incorrectly checks that Oracle supports such token
Summary
Here you can see it calls LibUsdOracle to ensure it supports token. However LibUsdOracle.getTokenPrice() returns 0 on failure instead of revert.
function beginBarnRaiseMigration(address well) internal {
...
// Check that Lib Usd Oracle supports the non-Bean token in the Well.
@> LibUsdOracle.getTokenPrice(address(tokens[tokens[0] == C.bean() ? 1 : 0]));
...
}
Impact
Well with unsupported token can be migrated by mistake because sanity check doesn't work.
Tools Used
Manual Review
Recommendations
// Check that Lib Usd Oracle supports the non-Bean token in the Well.
- LibUsdOracle.getTokenPrice(address(tokens[tokens[0] == C.bean() ? 1 : 0]));
+ require(LibUsdOracle.getTokenPrice(address(tokens[tokens[0] == C.bean() ? 1 : 0])) != 0)
Updates
Appeal created
T1MOH
about 1 year ago
inallhonesty
about 1 year ago
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
`LibFertilizer.beginBarnRaiseMigration()` incorrectly checks that Oracle supports such token
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.