Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

caventa - Asset manager's deposit, withdraw and rebalance function calls will get reverted when one of the adapters is broken or paused #37

Open
sherlock-admin opened this issue Nov 4, 2022 · 1 comment
Open

caventa - Asset manager's deposit, withdraw and rebalance function calls will get reverted when one of the adapters is broken or paused #37

sherlock-admin opened this issue Nov 4, 2022 · 1 comment
Labels
Medium Sponsor Confirmed

Comments

@sherlock-admin
Copy link
Contributor

caventa

medium

Asset manager's deposit, withdraw and rebalance function calls will get reverted when one of the adapters is broken or paused

Summary

Asset manager's deposit, withdraw and rebalance function calls will get reverted when one of the adapters is broken or paused.

Vulnerability Detail

A given MoneyMarketAdapters can temporally or even permanently becomes malfunctioning (cannot deposit/withdraw) for all sorts of reasons. This results in all the other deposit, withdraw and rebalance calls to other adapters getting reverted.

Eg, Aave V2 Lending Pool can be paused, which will prevent multiple core functions that the Aave v2 depends on from working, including deposit() and withdraw().

Impact

When Aave V2 Lending Pool is paused, deposit, withdraw, and rebalance function calls on other adapters will get reverted.

Code Snippet

https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AssetManager.sol#L290
https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AssetManager.sol#L307
https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AssetManager.sol#L529
https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AssetManager.sol#L537
https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AssetManager.sol#L357
https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AssetManager.sol#L514

Tool used

Manual Review

Recommendation

Consider adding a try-catch clause to every code snippet written above so that when the pool is paused in AaveV2, deposit, withdrawal, and rebalance function calls are still allowed on other adapters.

For eg (For AssetManager.sol#L357) :

try moneyMarket.withdraw(token, account, withdrawAmount) {
 // Code added when there is no exception thrown
} catch {
// Code added when there is an exception thrown
}
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Medium Sponsor Confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kingjacob @GeraldHost @sherlock-admin