ctf_sec - stakingContext.auraBooster.deposit boolean return value not handled in Boosted3TokenPoolUtils.sol
Opened this issue · 2 comments
ctf_sec
medium
stakingContext.auraBooster.deposit boolean return value not handled in Boosted3TokenPoolUtils.sol
Summary
stakingContext.auraBooster.deposit boolean return value not handled in Boosted3TokenPoolUtils.sol
Vulnerability Detail
the function _joinPoolAndStake in Boosted3TokenPoolUtils.sol is used extensively when handling the token stake.
However, when entering the stake and interacting with external contract, the logic does not handle the returned boolean value in the code below
// Transfer token to Aura protocol for boosted staking
stakingContext.auraBooster.deposit(stakingContext.auraPoolId, bptMinted, true); // stake = true
In the AuraBooster implmenetation, a Boolean is indeed returned to acknowledge that deposit is completely successfully.
https://etherscan.io/address/0x7818A1DA7BD1E64c199029E86Ba244a9798eEE10#code#F34#L1
/**
* @notice Deposits an "_amount" to a given gauge (specified by _pid), mints a `DepositToken`
* and subsequently stakes that on Convex BaseRewardPool
*/
function deposit(uint256 _pid, uint256 _amount, bool _stake) public returns(bool){
Impact
Notional -> AuraBooster -> BaseRewardPool
Without handling the boolean value explitily, there is risk that transaction may be fail sliently.
Because there are two layers of external call
Code Snippet
Tool used
Manual Review
Recommendation
We recommend the project handle the stakingContext.auraBooster.deposit boolean return value explicitly.
// Transfer token to Aura protocol for boosted staking
bool staked = stakingContext.auraBooster.deposit(stakingContext.auraPoolId, bptMinted, true); // stake = true
require(staked, 'stake failed');
LGTM, it correctly handles the returned value from valueauraBooster.deposit
.