Urban Daffodil Elk - Uninitialized Leverage and Bond Amounts Leading to Stuck Funds

[sherlock-admin2]

Urban Daffodil Elk

Medium

Uninitialized Leverage and Bond Amounts Leading to Stuck Funds

Summary

The initialize function in the provided Solidity code does not initialize the leverage amount and bond amount in the PreDeposit phase. This can lead to stuck funds as the createPool function expects these amounts to be greater than zero.

Root Cause

The root cause of this issue is the missing initialization of leverageAmount and bondAmount in the initialize function. Without these initializations, the createPool function will revert due to zero values for these amounts..

The create pool function however requires that leverage and bond amounts are greater than zero , if not pool creation fails. Although the admin can still set bond and leverage amount through separate function an oversight can occur an hamper this from taking place, networks downtimes can also lead to cases where the leverage and bond amount are not set

https://github.com/sherlock-audit/2024-12-plaza-finance/blob/main/plaza-evm/src/PreDeposit.sol#L84-L107

  function createPool() external nonReentrant whenNotPaused checkDepositEnded {
    if (reserveAmount == 0) revert NoReserveAmount();
    if (bondAmount == 0 || leverageAmount == 0) revert InvalidBondOrLeverageAmount();
    if (poolCreated) revert PoolAlreadyCreated();
    IERC20(params.reserveToken).approve(address(factory), reserveAmount);
    pool = factory.createPool(params, reserveAmount, bondAmount, leverageAmount, bondName, bondSymbol, leverageName, leverageSymbol, true);

    emit PoolCreated(pool);
    poolCreated = true;
  }

Internal Pre-conditions

-Users have deposited their tokens in Predeposit and can not no longer withdraw because deposits have ended.

• the checkDepositEnded modifier ensures this

  modifier checkDepositEnded() {
    if (block.timestamp < depositEndTime) revert DepositNotEnded();
    _;
  }

External Pre-conditions

No response

Attack Path

-The initialize function is called without initializing leverageAmount and bondAmount.
-The createPool function is called, which checks if reserveAmount, bondAmount, and leverageAmount are greater than zero.
-Since bondAmount and leverageAmount are not initialized, the function reverts, leading to stuck funds in user funds which cannot be retrieved since deposits have ended.

Impact

User funds are permanently stuck in predeposit.. funds stuck; high Likelihood is low so medium.

PoC

Mitigation

Modify the initialize function to set the initial values for leverageAmount and bondAmount.

Set the leverage amount and bond immediately instead of waiting to set on a different call.

function initialize(
    PoolFactory.PoolParams memory _params,
    address _factory,
    uint256 _depositStartTime,
    uint256 _depositEndTime,
    uint256 _reserveCap,
   uint256  _leverageAmount
  uint256  bondAmount
    string memory _bondName,
    string memory _bondSymbol,
    string memory _leverageName,
    string memory _leverageSymbol) initializer public {
    if (_params.reserveToken == address(0)) revert InvalidReserveToken();
    __UUPSUpgradeable_init();
    __ReentrancyGuard_init();
    __Ownable_init(msg.sender);
    params = _params;
    depositStartTime = _depositStartTime;
    depositEndTime = _depositEndTime;
    reserveCap = _reserveCap;
    factory = PoolFactory(_factory);
    bondName = _bondName;
    bondSymbol = _bondSymbol;
    leverageName = _leverageName;
    leverageSymbol = _leverageSymbol;
    poolCreated = false;
    leverageAmount =  _leverageAmount
  bondAmount = _bondAmount