Inaccurate `_totalValue` tracking in `Treasury.sol` due to neglecting token value differences.
Summary
Inaccurate _totalValue tracking in Treasury.sol due to neglecting token value differences.
Vulnerability Details
The _totalValue state variable in Treasury.sol is updated by simply adding or subtracting token amounts during deposits and withdrawals. This approach fails to account for the varying values of different tokens held in the treasury. Consequently, _totalValue becomes an inaccurate representation of the actual treasury value.
Code Snippet:
_totalValue is updated with raw token amounts, disregarding the potentially different and fluctuating values of each token.
Impact
Misleading
getTotalValue(): The function returns an inaccurate total value of treasury assets.Lack of Real Value Metric:
_totalValuebecomes a meaningless metric for assessing the treasury's financial status.
Tools Used
Manual code review.
Recommendations
Implement a value-aware _totalValue update mechanism. Consider:
Value Tracking per Token: Maintain a mapping of token to value and update
_totalValuebased on these tracked values during deposits and withdrawals.Remove
_totalValue: If accurate total value tracking is not critical, consider removing_totalValueto avoid providing a misleading metric.
Lead Judging Commences
Treasury::deposit increments _totalValue regardless of the token, be it malicious, different decimals, FoT etc.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.