Source: Code4rena (code423n4), CODE423N4:2023-07-POOLTOGETHER-FINDINGS-ISSUES-377
Published: Jul 14, 2023 - 12:00 a.m.

Incorrect distribution of shares and liquidity as a result of total number of shares not equaling 100


Lines of code

Vulnerability details

Impact

If the shares are not properly validated and do not add up to 100, there will be an imbalance in the distribution of funds, resulting in loss of funds or in locked funds that cannot be accessed or distributed correctly.

Proof of Concept

The constructor of the TieredLiquidityDistributor contract sets the values of _tierShares, _canaryShares, and _reserveShares based on the arguments passed to it. However, it does not include any validation to ensure that the sum of these values equals 100, which is a common requirement for distributing shares.

Tools Used

Manual

Recommended Mitigation Steps

Modify the constructor to ensure that _tierShares + _canaryShares + _reserveShares == 100. This check will ensure the correct distribution of shares and liquidity among tiers and prevent any unintended consequences due to incorrect share allocations.

Assessed type

Invalid Validation

