Unauthenticated remove liquidty function #99
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate
This issue or pull request already exists
invalid
This doesn't seem right
Comments
code423n4
added
3 (High Risk)
This was referenced Dec 10, 2021
|
All above mentions are erroneous and have been corrected. |
|
The UniswapHandler is just a utility contract that deposits for the msg.sender and sends funds to it |
|
Marking as invalid |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
ad3sh_
Vulnerability details
Impact
Anyone can call removeLiquidity function and remove the liquidity from contract
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/DexHandlers/UniswapHandler.sol#L221
Contract is not validating or checking the users wallet LP
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/DexHandlers/UniswapHandler.sol#L222
Attacker can drain the pool by calling remove liquidity
Proof of Concept
https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/DexHandlers/UniswapHandler.sol#L221
while removing the liquidty the function should validate the user's wallet address who is removing the liquidity
second uniswap- handler is calculating price through reservers it may lead price manipulation
Tools Used
Manual
Recommended Mitigation Steps
Add proper fix and validation make functions authentic
use chainlink and weighted geometric mean solution for pricing
The text was updated successfully, but these errors were encountered: