0xlucky - Check that amount to invest should be less than predefined is not there in addInvestmentRecords() #297

Open
sherlock-admin4 opened this issue Nov 17, 2024 · 0 comments

sherlock-admin4 commented Nov 17, 2024

0xlucky

High

Check that amount to invest should be less than predefined is not there in addInvestmentRecords()

Summary

In the invest function, a check for whether the KYC address has already invested the max stablecoin-equivalent amount for this round, or whether the total invested for this round has reached the limit, is present, but it has been missed in other functions where the particular mapping is updated.

Root Cause

It can be the case that the particular amount which is added in particular functions can exceed the max amount, so it breaks the invariant, because the caller has given rights to add a particular amount for each user and round, but the amount check is missed.

https://github.com/sherlock-audit/2024-11-vvv-exchange-update/blob/main/vvv-platform-smart-contracts/contracts/vc/VVVVCInvestmentLedger.sol#L256C1-L277C6

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

The check which is put in invest() should be put in this function too.

@sherlock-admin3 sherlock-admin3 changed the title Cool Gauze Walrus - Check for amount to invest is should be less than predefined is not there is addInvestmentRecords() 0xlucky - Check for amount to invest is should be less than predefined is not there is addInvestmentRecords() Nov 23, 2024
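
The mitigation described in the report, as an added example that is not part of the original issue or the audited contract: a simplified Solidity ledger in which invest() and addInvestmentRecords() both write through one internal function that enforces the per-address and per-round caps. The fixed caps set at deployment, the contract name, `_record`, the custom errors and the mapping names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model for illustration; not the audited VVVVCInvestmentLedger code.
/// All names except invest() and addInvestmentRecords() are hypothetical.
contract LedgerSketch {
    error ExceedsAllocation();
    error ExceedsRoundLimit();
    error ArrayLengthMismatch();
    error NotAdmin();

    address public immutable admin;
    uint256 public immutable maxPerAddress; // assumed per-round cap for one KYC address
    uint256 public immutable maxPerRound;   // assumed total cap for one round

    mapping(address => mapping(uint256 => uint256)) public investedByAddress;
    mapping(uint256 => uint256) public investedByRound;

    constructor(uint256 _maxPerAddress, uint256 _maxPerRound) {
        admin = msg.sender;
        maxPerAddress = _maxPerAddress;
        maxPerRound = _maxPerRound;
    }

    /// Single place where both caps are enforced and both mappings are written.
    function _record(address kyc, uint256 round, uint256 amount) internal {
        uint256 newUserTotal = investedByAddress[kyc][round] + amount;
        uint256 newRoundTotal = investedByRound[round] + amount;
        if (newUserTotal > maxPerAddress) revert ExceedsAllocation();
        if (newRoundTotal > maxPerRound) revert ExceedsRoundLimit();
        investedByAddress[kyc][round] = newUserTotal;
        investedByRound[round] = newRoundTotal;
    }

    /// User path: in this model it only records the amount against the caller.
    function invest(uint256 round, uint256 amount) external {
        _record(msg.sender, round, amount);
    }

    /// Admin path: uses the same checks instead of writing the mappings directly.
    function addInvestmentRecords(address[] calldata kycs, uint256[] calldata rounds, uint256[] calldata amounts) external {
        if (msg.sender != admin) revert NotAdmin();
        if (kycs.length != rounds.length || kycs.length != amounts.length) revert ArrayLengthMismatch();
        for (uint256 i = 0; i < kycs.length; ++i) {
            _record(kycs[i], rounds[i], amounts[i]);
        }
    }
}
```

Because `_record` reverts, a single over-limit entry rolls back the whole batch, so the caps hold regardless of which path updates the mappings.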