Skip to content

Latest commit

 

History

History
39 lines (24 loc) · 1.04 KB

072.md

File metadata and controls

39 lines (24 loc) · 1.04 KB

shaka

medium

Removing collateral token changes order in array

Summary

Removing collateral token changes order in array.

Vulnerability Detail

USSD.sol:removeCollateral() removes from the collateral array the token at a certain index and moves the last token of the array to that index.

When USSDRebalancer.sol:rebalance() is called, the order in which collateral tokens are bought and sold is determined by the order they have in the collateral array.

Impact

Removing a collateral token will also change the order in which tokens are bought and sold when rebalancing.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L120-L123

Tool used

Manual Review

Recommendation

    function removeCollateral(uint256 _index) public onlyControl  {
-       collateral[_index] = collateral[collateral.length - 1]; 
+       for (uint i = _index; i < collateral.length - 1; i++) {
+           collateral[i] = collateral[i + 1];
+       }
        collateral.pop();
    }