Submission Details
Severity:
PriorityPool::setQueueDepositParams doesnt check _queueDepositMin < _queueDepositMax leading to potential contract incorrect behaviour
Summary
PriorityPool::setQueueDepositParams function sets the minimum and maximum amount that can be deposited into strategies at once, however doesnt check _queueDepositMin < _queueDepositMax breaking invariant.
Vulnerability Details
PriorityPool::setQueueDepositParams doesnt check _queueDepositMin < _queueDepositMax leading to potential contract incorrect behaviour
function setQueueDepositParams(
uint128 _queueDepositMin,
uint128 _queueDepositMax
) external onlyOwner {
queueDepositMin = _queueDepositMin;
queueDepositMax = _queueDepositMax;
emit SetQueueDepositParams(_queueDepositMin, _queueDepositMax);
}
Impact
Breaking invariants could lead to potential contract incorrect behaviour
Tools Used
Manual Review
Recommendations
Implement a check to require queueDepositMin < queueDepositMax
function setQueueDepositParams(
uint128 _queueDepositMin,
uint128 _queueDepositMax
) external onlyOwner {
queueDepositMin = _queueDepositMin;
queueDepositMax = _queueDepositMax;
require(queueDepositMin < queueDepositMax, " wrong values");
emit SetQueueDepositParams(_queueDepositMin, _queueDepositMax);
}
Prize pool breakdown
Total prize
50,000 USDC
nSLOC
2,53020 USDC / LOC
42,000 USDC
4,250 USDC
3,750 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.