Core Contracts

Summary

The Treasury contract’s allocateFunds function allows an allocator to record an allocation amount for a recipient without verifying that the treasury holds sufficient funds. This lack of validation means that an allocator can specify an allocation far over the treasury’s actual balance. If external systems or users rely on these allocation records as a guarantee of available funds, withdrawals or fund transfers may fail, leading to operational disruptions for the protocol.

Vulnerability Details

The function verifies that the recipient address is non-zero, ensures the amount is not zero but does not check whether the treasury’s current balance is sufficient to back the specified allocation.

Because there is no validation against the actual treasury balance or total value held, an allocator can assign an allocation that exceeds the funds available in the treasury.

In a situation where an external system or user might rely on the allocation records to determine available funds for withdrawal or other operations. If such an allocation is executed:

• The system may attempt to withdraw or reserve funds based on the recorded allocation.

• When a withdrawal is initiated for the full allocated amount, the treasury would be unable to fulfil it due to insufficient balance.

• This could result in failed withdrawals or operations.

Impact

• Users or external systems that depend on the allocation records may encounter failed withdrawal attempts when the treasury’s actual funds are lower than the recorded allocation.

• Overstated allocations can lead to mismanagement of funds, making it appear that more fund is reserved or available than are truly held.

Tools Used

• Manual review

Recommendations

Update the allocateFunds function to verify that the allocated amount does not exceed the available treasury balance for the relevant token