Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Lambda - AssetManager.removeAdapter: Adapter not removed from withdrawSeq #65

Closed
sherlock-admin opened this issue Nov 4, 2022 · 0 comments
Closed

Lambda - AssetManager.removeAdapter: Adapter not removed from withdrawSeq #65

sherlock-admin opened this issue Nov 4, 2022 · 0 comments
Labels
Duplicate Medium

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Nov 4, 2022
edited
Loading

Lambda

medium

AssetManager.removeAdapter: Adapter not removed from withdrawSeq

Summary

When an adapter is removed, the corresponding entry is not removed form withdrawSeq, causing a revert on withdrawals

Vulnerability Detail

In AssetManager, the indices of the adapters are added to the list withdrawSeq. However, when an adapter is removed using removeAdapter, the indices are not updated. Therefore, moneyMarketsLength - 1 (that now no longer exists) and index (that now refers to another adapter, because positions were swapped) will still be in the list.

Impact

Because withdraw iterates over the whole withdrawSeq list and accesses these indices, this will cause an out-of-bounds access there, meaning that withdrawals revert.

Code Snippet

https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AssetManager.sol#L396

Tool used

Manual Review

Recommendation

Change the two indices (removal & update) within withdrawSeq when removing an adapter.

Duplicate of #76
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin