Submission Details
Severity:
`ReseedSilo` does not set global state variables
Summary
ReseedSilo does not set global state variables
Vulnerability Details
When migrating deposits within ReseedSilo, users are given the stalk they should have. However, global variables such as s.sys.silo.stalk and s.sys.silo.roots are never increased (roots are never allocated anyway, but that's another issue).
// increment stalkForAccount by the stalk issued per BDV.
// placed outside of loop for gas effiency.
accountStalk += stalkIssuedPerBdv * totalBdvForAccount;
// set stalk for account.
s.accts[deposits.accounts].stalk = accountStalk;
}
// verify that the total deposited and total deposited bdv are correct.
require(
totalCalcDeposited == siloDeposit.totalDeposited,
"ReseedSilo: INVALID_TOTAL_DEPOSITS"
);
require(
totalCalcDepositedBdv == siloDeposit.totalDepositedBdv,
"ReseedSilo: INVALID_TOTAL_DEPOSITED_BDV"
);
// set global state
s.sys.silo.balances[siloDeposit.token].deposited = siloDeposit.totalDeposited;
s.sys.silo.balances[siloDeposit.token].depositedBdv = siloDeposit.totalDepositedBdv;
}
Impact
Global variables are not set. Multiple major functions which depend on it (such as withdrawing, minting stalk, burning stalk) will fail/ lead to unexpected results.
Tools Used
Manual review
Recommendations
Increase the global variables.
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
ReseedSilo doesn't update global `s.sys.silo.stalk` and `s.sys.silo.roots`
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.