cducrest-brainbot - SetLimit does not take into account burned OHM

Question

cducrest-brainbot - SetLimit does not take into account burned OHM

Opened this issue a year ago · 3 comments

sherlock-admin commented a year ago

cducrest-brainbot

medium

SetLimit does not take into account burned OHM

Summary

The function setLimit() may not be able to sufficiently restrict mint ability of manager.

Vulnerability Detail

The setLimit() function reverts when newLimit_ < deployedOhm, mintOhmToVault will revert if deployedOhm + amount_ > ohmLimit + circulatingOhmBurned. If the value of circulatingOhmBurned is high, and the admin can only set the limit above deployedOhm, they could end up in a state where they cannot limit the amount the vault is allowed to burn sufficiently. I.e. the vault is always able to mint at least circulatingOhmBurned new tokens.

Note that circulatingOhmBurned is never lowered (even when minting new tokens), so this value could grow arbitrarily high.

Impact

Lack of control of admin on mint ability of manager.

Code Snippet

SetLimit function:
https://github.com/sherlock-audit/2023-03-olympus/blob/main/sherlock-olympus/src/policies/BoostedLiquidity/BLVaultManagerLido.sol#L480-L483

Tool used

Manual Review

Recommendation

Use similar restrictions as in mintOhmToVault() for setLimit or lower circulatingOhmBurned when minting new OHM.

Answer 1 · 2023-03-31T15:41:46.000Z

Same issue as #18

Answer 2 · 2023-04-03T18:30:26.000Z

Fix Implementation: https://github.com/0xLienid/sherlock-olympus/pull/2/files

Answer 3 · 2023-04-12T20:45:42.000Z

Fix looks good. setLimit now properly accounts for circulatingOhmBurned