Algo Ssstablecoinsss

First Flight #30
Beginner Friendly, DeFi
Submission Details
Severity: low
Invalid

Lack of Validation in redeem_collateral Function

Summary

The redeem_collateral function lacks a proper check for user balance or ownership of collateral before attempting redemption. Anyone can call this function, which results in unnecessary reverts when the caller does not have sufficient collateral. While this does not pose a risk to protocol funds, it can lead to user confusion, inefficiency, and potential denial-of-service-like behavior.

Vulnerability Details

If msg.sender does not exist in self.user_to_token_address_to_amount_deposited, the default balance (0) is returned. Attempting to subtract amount_collateral from 0 results in a Vyper underflow revert. While this revert prevents unauthorized fund access, it may lead to unnecessary transaction failures and confusion.

Impact

User experience is degraded and system clarity is reduced, but funds are not at risk, so the impact is low.

Likelihood

It may occur if users make invalid calls or if malicious actors attempt denial-of-service-like behavior, so the likelihood is medium.

Tools Used

Manual Code Review, ChatGPT

Recommendations

Update redeem function

@external
def redeem_collateral(token_collateral_address: address, amount_collateral: uint256):
+ assert self.user_to_token_address_to_amount_deposited[msg.sender][token_collateral_address] >= amount_collateral, "Insufficient collateral balance"
self._redeem_collateral(token_collateral_address, amount_collateral, msg.sender, msg.sender)
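
Review bot: the assert added on the `+` line duplicates a check that the report itself says is already enforced, because subtracting `amount_collateral` from a smaller stored balance reverts on underflow in Vyper. With this change the same calls still revert, so the only difference is the revert message, at the cost of an extra storage read on every successful redemption. If a clearer error is the goal, state that in the recommendation. Also consider placing the check inside `_redeem_collateral`, since that internal function takes the addresses as arguments and a check in this external wrapper covers only this one entry point.
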
Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
