Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

Latest commit

 

History

History
40 lines (24 loc) · 1.44 KB

140.md

File metadata and controls

40 lines (24 loc) · 1.44 KB
Raw

stuart_the_minion

medium

stuart_the_minion - Need to check maximum value of numberOfStable and numberOfNS in D3Maker::setNewToken()

stuart_the_minion medium

Summary

If numberOfNS or numberOfStable of maker state exceeds 128, further tokens will start allFlag bit index from 0, and it will make cumulative values of further tokens totally messed.

Vulnerability Detail

Each bit of allFlag in D3Storage represents cumulative status of the corresponding token. Even index bit represents stable token while odd index bit represents non-stable one. If either number of stable or non-stable tokens is greater than 128, the allFlag bit index will start from 0 again and first token and 129th token will conflict on allFlag.

Impact

By this issue, selling or buying tokens will be affected. Actually, this issue is high risk but more than 128 tokens is a rare case, so I evaluate this as medium by myself.

Code Snippet

/DODOV3MM/D3Pool/D3Maker.sol#L158C5-L213C6

Tool used

Manual Review

Recommendation

Add validation of number of tokens at the beginning of D3Maker::setNewToken() function

if (stableOrNot)
    require(state.priceListInfo.numberOfStable < 128, "Number of stable tokens exceeded");
else
    require(state.priceListInfo.numberOfNS < 128, "Number of non-stable tokens exceeded");