Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The ERC4626 standard is not followed correctly in PerpetualAtlanticVaultLP contract #1886

Closed
code423n4 opened this issue Sep 5, 2023 · 5 comments
Closed

The ERC4626 standard is not followed correctly in PerpetualAtlanticVaultLP contract #1886

code423n4 opened this issue Sep 5, 2023 · 5 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-699 grade-b QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/perp-vault/PerpetualAtlanticVaultLP.sol#L21

Vulnerability details

Vulnerability details

Impact

In the code4rena dopex contests is especified the following about the PerpetualAtlanticVaultLP contract:

Contract for the Perpetual Atlantic Vault LP (ERC4626).

Although the contest documentation and certain parts of the contract describe the EIP-4626 standard, the protocol does not adhere to it.

Proof of Concept

  * @notice deposit into ERC4626 token
 * @notice redeem ERC4626 token

For example is missing the maxDeposit for maximum amount of the underlying asset that can be deposited into the Vault for the receiver, through a deposit call.
and others.

Tools Used

Manual review.

Recommended Mitigation Steps

Go through the standard and follow it for all methods that override methods from the inherited ERC4626 implementation.

Assessed type

Context
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Sep 5, 2023
code423n4 added a commit that referenced this issue Sep 5, 2023
@code423n4
catellatech issue #1886
d8e1cae
@c4-pre-sort
Copy link

bytes032 marked the issue as duplicate of #574

@c4-pre-sort
Copy link

bytes032 marked the issue as duplicate of #1506

@c4-pre-sort
Copy link

bytes032 marked the issue as duplicate of #699

@c4-pre-sort
Copy link

bytes032 marked the issue as sufficient quality report

@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Sep 11, 2023
@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Oct 20, 2023
@c4-judge
Copy link
Contributor

GalloDaSballo changed the severity to QA (Quality Assurance)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-699 grade-b QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@code423n4 @c4-judge @c4-pre-sort @C4-Staff