EUSDMiningIncentives.purchaseOtherEarnings() calls latestRoundData() but does not check if lbrPrice > 0 #157
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-490
grade-c
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/miner/EUSDMiningIncentives.sol#L212
Vulnerability details
Impact
EUSDMiningIncentives.purchaseOtherEarnings() calls latestRoundData() but does not check if lbrPrice > 0.
If lbrPrice < 0, then uint256(lbrPrice) will be very large, causing the result of biddingFee to be wrong.
Proof of Concept
As we can see, EUSDMiningIncentives.purchaseOtherEarnings() calls latestRoundData() but does not check if lbrPrice > 0.
Tools Used
vs code
Recommended Mitigation Steps
Check the return value of latestRoundData(), such as: sherlock-audit/2023-02-blueberry-judging#94
Assessed type
Math
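An added example, not part of the original report and not the Lybra source: one way to validate the latestRoundData() answer before the uint256(lbrPrice) cast. The contract name, the MAX_PRICE_AGE staleness bound, the custom errors and the 1e8 divisor (an 8-decimal feed) are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Chainlink's aggregator interface, reduced to the one call used here.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical contract for illustration; not the project's code.
contract CheckedLbrPrice {
    AggregatorV3Interface public immutable lbrPriceFeed; // assumed feed handle
    uint256 public constant MAX_PRICE_AGE = 1 hours;     // assumed staleness bound

    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt);

    constructor(AggregatorV3Interface feed) {
        lbrPriceFeed = feed;
    }

    // Returns the feed answer as uint256 only after validating it.
    function checkedLbrPrice() public view returns (uint256) {
        (, int256 lbrPrice, , uint256 updatedAt, ) = lbrPriceFeed.latestRoundData();
        // The answer is signed: without this check, uint256(-1) is 2**256 - 1.
        if (lbrPrice <= 0) revert InvalidPrice(lbrPrice);
        // Reject rounds that never completed or are older than the assumed bound.
        if (updatedAt == 0 || block.timestamp - updatedAt > MAX_PRICE_AGE) {
            revert StalePrice(updatedAt);
        }
        return uint256(lbrPrice);
    }

    // Scales a fee by the validated price; 1e8 assumes an 8-decimal feed.
    function feeInQuote(uint256 biddingFee) external view returns (uint256) {
        return (biddingFee * checkedLbrPrice()) / 1e8;
    }
}
```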