Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Bond Protocol>Discussion>Remove unchecked block
GeneralOverview
Findings
Medium (2)
Low (1)
Informational (3)
DiscussionRedundant safeTransfer callAssure token is activeRemove unchecked blockDouble-counted auctioneer
Threat ModelsWhat are threat models?BondAggregator.solBondBaseCallback.solBondBaseSDA.solBondBaseTeller.solBondFixedExpirySDA.solBondFixedExpiryTeller.solBondFixedTermSDA.solBondFixedTermTeller.sol
Audit ResultsResults

Remove unchecked block

The unchecked block in the purchaseBond() function from BondBaseSDA comes after a check that would disallow any underflows or overflows happening:

// If amount/payout is greater than capacity remaining, revert
if (market.capacityInQuote ? amount_ > market.capacity : payout > market.capacity)
    revert Auctioneer_NotEnoughCapacity();

// @audit remove this unchecked;
unchecked {
    // Capacity is decreased by the deposited or paid amount
    market.capacity -= market.capacityInQuote ? amount_ : payout;

    // Markets keep track of how many quote tokens have been
    // purchased, and how many payout tokens have been sold
    market.purchased += amount_;
    market.sold += payout;
}

Despite that, we recommend removing the unchecked block for posterity reasons, in the case that further operations are performed around the market.capacity, which would, in turn, jeopardize the safety of this code block.

Remediation

Bond Labs acknowledged this finding and implemented a fix in commit ac5dbf77.

Zellic © 2024Back to top ↑