Omniscia Steer Protocol Audit
AlgebraWhitelistedSingleLiquidityManager Manual Review Findings
AlgebraWhitelistedSingleLiquidityManager Manual Review Findings
AWS-01M: Potentially Insecure Sanitization of Deposit
Type | Severity | Location |
---|---|---|
Logical Fault | AlgebraWhitelistedSingleLiquidityManager.sol:L70-L76 |
Description:
The AlgebraWhitelistedSingleLiquidityManager::deposit
call will sanitize the to
address rather than the msg.sender
as being authorized to perform deposits contrary to the purpose of the whitelist.
Impact:
It is presently possible for any user to perform a deposit for the benefit of an authorized member in contrast to how the whitelist is meant to be applied.
Example:
57function deposit(58 uint256 amount0Desired,59 uint256 amount1Desired,60 uint256 amount0Min,61 uint256 amount1Min,62 address to63)64 public65 virtual66 override67 returns (uint256 shares, uint256 amount0Used, uint256 amount1Used)68{69 // Check that user is authorized to deposit70 require(71 IBareWhitelistRegistry8(whitelistManager).permissions(72 address(this),73 to74 ) == 1,75 "whitelist"76 );
Recommendation:
We advise the code to ensure that the msg.sender
has the relevant permission from the whitelistManager
in addition to the to
address, which should be considered optional as the actual user that performs the AlgebraWhitelistedSingleLiquidityManager::deposit
action is the msg.sender
.
Alleviation (0c3f85c7c11805ac412fe291f5681bef26da7244):
The Steer Protocol team evaluated this exhibit and specified that the intention of the security check is to ensure the LP units minted are done so to a whitelisted address.
A msg.sender
that is not whitelisted should be able to deposit on behalf of a whitelisted address and the LP units minted can then be freely transferred; the minting operation is what the Steer Protocol team is concerned with and wishes to protect.
As a result of these additional statements by the Steer Protocol team, we consider this exhibit nullified as it represents desirable behaviour.