Calculation of `CollateralTracker.maxMint` function is faulty #358

c4-bot-9 · 2024-04-22T08:53:53Z

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L444-L448
https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L379-L381
https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L453-L468
https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L477-L500

Vulnerability details

Impact

The following maxMint function returns maxShares that is (convertToShares(type(uint104).max) * DECIMALS) / (DECIMALS + COMMISSION_FEE), which can be rewritten as (type(uint104).max * totalSupply / totalAssets()) * DECIMALS / (DECIMALS + COMMISSION_FEE).

https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L444-L448

    function maxMint(address) external view returns (uint256 maxShares) {
        unchecked {
            return (convertToShares(type(uint104).max) * DECIMALS) / (DECIMALS + COMMISSION_FEE);
        }
    }

https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L379-L381

    function convertToShares(uint256 assets) public view returns (uint256 shares) {
        return Math.mulDiv(assets, totalSupply, totalAssets());
    }

Calling the following previewMint function with the maxShares returned by the maxMint function as the shares input would return an assets that is ((type(uint104).max * totalSupply / totalAssets()) * DECIMALS / (DECIMALS + COMMISSION_FEE)) * DECIMALS * totalAssets() / (totalSupply * (DECIMALS - COMMISSION_FEE)), which can be simplified to type(uint104).max * (DECIMALS**2) / (DECIMALS**2 - COMMISSION_FEE**2). Since (DECIMALS**2) / (DECIMALS**2 - COMMISSION_FEE**2) is bigger than 1 for a reasonable COMMISSION_FEE, type(uint104).max * (DECIMALS**2) / (DECIMALS**2 - COMMISSION_FEE**2) would be larger than type(uint104).max. This means that such assets, which corresponds to the maxShares returned by the maxMint function, is larger than type(uint104).max that is the deposit limit of the underlying asset; this shows that the calculation of the maxMint function is faulty.

https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L453-L468

    function previewMint(uint256 shares) public view returns (uint256 assets) {
        ...
        unchecked {
            assets = Math.mulDivRoundingUp(
                shares * DECIMALS,
                totalAssets(),
                totalSupply * (DECIMALS - COMMISSION_FEE)
            );
        }
    }

Because of the faulty calculation of the maxMint function, calling the following mint function with the maxShares returned by the maxMint function as the shares input will revert with the DepositTooLarge error.

https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L477-L500

    function mint(uint256 shares, address receiver) external returns (uint256 assets) {
        assets = previewMint(shares);

        if (assets > type(uint104).max) revert Errors.DepositTooLarge();

        ...
    }

According to https://eips.ethereum.org/EIPS/eip-4626, the EIP-4626 standard requires the maxMint function to return Maximum amount of shares that can be minted from the Vault for the ``receiver``, through a ``mint`` call and MUST return the maximum amount of shares ``mint`` would allow to be deposited to ``receiver`` and not cause a revert. However, calling the mint function with the maxShares returned by the maxMint function as the shares input reverts while such operation should not revert. As a result, the faulty calculation of the maxMint function violates the EIP-4626 standard.

Proof of Concept

Please add the following test in test\foundry\core\CollateralTracker.t.sol. This test will pass to demonstrate the described scenario.

    function test_maxMintFaultyCalculation(uint256 x) public {
        _initWorld(x);

        vm.startPrank(Bob);

        _grantTokens(Bob);
        IERC20Partial(token0).approve(address(collateralToken0), type(uint256).max);

        uint256 maxShares = collateralToken0.maxMint(Bob);

        // calling mint function reverts because maxShares returned by maxMint function corresponds to assets that is more than type(uint104).max
        vm.expectRevert(Errors.DepositTooLarge.selector);
        uint256 returnedAssets0 = collateralToken0.mint(maxShares, Bob);

        vm.stopPrank();
    }

Tools Used

Manual Review

Recommended Mitigation Steps

The maxMint function can be updated to the following code.

    function maxMint(address) external view returns (uint256 maxShares) {
        unchecked {
            maxShares = Math.mulDiv(
                type(uint104).max * (DECIMALS - COMMISSION_FEE),
                totalSupply,
                totalAssets() * DECIMALS
            );
        }
    }

Assessed type

ERC4626

The text was updated successfully, but these errors were encountered:

c4-judge · 2024-04-24T18:09:01Z

Picodes marked the issue as primary issue

c4-judge · 2024-04-25T20:48:56Z

Picodes marked the issue as duplicate of #370

c4-judge · 2024-04-29T21:38:01Z

Picodes marked the issue as duplicate of #553

c4-judge · 2024-04-29T21:41:42Z

Picodes marked the issue as satisfactory

c4-judge · 2024-05-09T19:15:19Z

Picodes changed the severity to QA (Quality Assurance)

c4-bot-9 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Apr 22, 2024

c4-bot-2 added a commit that referenced this issue Apr 22, 2024

rbserver issue #358

8b2d67d

c4-bot-11 added the 🤖_61_group AI based duplicate group recommendation label Apr 22, 2024

c4-judge added the primary issue Highest quality submission among a set of duplicates label Apr 24, 2024

c4-judge closed this as completed Apr 25, 2024

c4-judge added duplicate-370 and removed primary issue Highest quality submission among a set of duplicates labels Apr 25, 2024

c4-judge mentioned this issue Apr 25, 2024

Incorrect Calculation in maxMint Function Causing DOS Vulnerability #267

Closed

c4-judge added duplicate-553 and removed duplicate-370 labels Apr 29, 2024

c4-judge added satisfactory satisfies C4 submission criteria; eligible for awards duplicate-501 and removed duplicate-553 labels Apr 29, 2024

C4-Staff added the grade-b label May 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Calculation of `CollateralTracker.maxMint` function is faulty #358

Calculation of `CollateralTracker.maxMint` function is faulty #358

c4-bot-9 commented Apr 22, 2024

c4-judge commented Apr 24, 2024

c4-judge commented Apr 25, 2024

c4-judge commented Apr 29, 2024

c4-judge commented Apr 29, 2024

c4-judge commented May 9, 2024

Calculation of CollateralTracker.maxMint function is faulty #358

Calculation of CollateralTracker.maxMint function is faulty #358

Comments

c4-bot-9 commented Apr 22, 2024

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

Assessed type

c4-judge commented Apr 24, 2024

c4-judge commented Apr 25, 2024

c4-judge commented Apr 29, 2024

c4-judge commented Apr 29, 2024

c4-judge commented May 9, 2024

Calculation of `CollateralTracker.maxMint` function is faulty #358

Calculation of `CollateralTracker.maxMint` function is faulty #358