Precision Loss Attack in Compound Forks
Description
In Compound forks, a precision loss attack is possible if redeemAmount is taken from the arguments of redeemFresh() when there is a market with totalSupply = 0 and collateralFactor != 0.
Examples
Insecure Code
solidity
function redeemFresh(...) internal {
redeemAmount = redeemAmountIn;
...
}Secure Code
solidity
function redeemFresh(...) internal {
require(redeemAmountIn > 0, "Invalid redeem amount");
redeemAmount = redeemAmountIn;
...
}Remediation
Validate and sanitize the redeemAmount before using it in the redeemFresh() function to prevent precision loss attacks.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0471 |
| Category | Crypto |
| Severity | CRITICAL |
| CWE | CWE-1339 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | MODERATE |
| Tags | precision loss, compound forks, redeemFresh |
| OWASP | N/A |
References
- https://twitter.com/DecurityHQ/status/1719657969925677161
- https://defimon.xyz/attack/mainnet/0xf7c21600452939a81b599017ee24ee0dfd92aaaccd0a55d02819a7658a6ef635
- https://blog.hundred.finance/15-04-23-hundred-finance-hack-post-mortem-d895b618cf33