cducrest-brainbot - SetLimit does not take into account burned OHM
Opened this issue · 3 comments
cducrest-brainbot
medium
SetLimit does not take into account burned OHM
Summary
The function setLimit()
may not be able to sufficiently restrict mint ability of manager.
Vulnerability Detail
The setLimit()
function reverts when newLimit_ < deployedOhm
, mintOhmToVault will revert if deployedOhm + amount_ > ohmLimit + circulatingOhmBurned
. If the value of circulatingOhmBurned
is high, and the admin can only set the limit above deployedOhm
, they could end up in a state where they cannot limit the amount the vault is allowed to burn sufficiently. I.e. the vault is always able to mint at least circulatingOhmBurned
new tokens.
Note that circulatingOhmBurned
is never lowered (even when minting new tokens), so this value could grow arbitrarily high.
Impact
Lack of control of admin on mint ability of manager.
Code Snippet
SetLimit function:
https://github.com/sherlock-audit/2023-03-olympus/blob/main/sherlock-olympus/src/policies/BoostedLiquidity/BLVaultManagerLido.sol#L480-L483
Tool used
Manual Review
Recommendation
Use similar restrictions as in mintOhmToVault()
for setLimit
or lower circulatingOhmBurned
when minting new OHM.
Fix Implementation: https://github.com/0xLienid/sherlock-olympus/pull/2/files
Fix looks good. setLimit now properly accounts for circulatingOhmBurned