Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-04-BADGER-CITADEL-FINDINGS-ISSUES-173
HistoryApr 20, 2022 - 12:00 a.m.

deposit()ing when there is no discount results in zero xCitadel bought

2022-04-2000:00:00
Code4rena
github.com
1
vulnerability
citdel
payment
discount
mitigation
asset
code inspection
JSON

Lines of code

Vulnerability details

The amount of citadel bought when there is no discount is always zero. If the user doesn’t specify, or specifies zero as the _minCitadelOut, then the user will get no xCitadel and will still have to pay the full price.

Proof of Concept

If funding.discount is equal to zero, citadelAmount_ will remain at the uninitialized value of zero rather than the correct value of citadelAmountWithoutDiscount

File: src/Funding.sol (lines 202-216)

    function getAmountOut(uint256 _assetAmountIn)
        public
        view
        returns (uint256 citadelAmount_)
    {
        uint256 citadelAmountWithoutDiscount = _assetAmountIn * citadelPriceInAsset;

        if (funding.discount > 0) {
            citadelAmount_ =
                (citadelAmountWithoutDiscount * MAX_BPS) /
                (MAX_BPS - funding.discount);
        }

        citadelAmount_ = citadelAmount_ / assetDecimalsNormalizationValue;
    }

Tools Used

Code inspection

Recommended Mitigation Steps

Initialize citadelAmount_ to citadelAmountWithoutDiscount

The text was updated successfully, but these errors were encountered:

All reactions

JSON