Deposit function does not check for the maxMint amount. #61
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-501
grade-c
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_61_group: AI based duplicate group recommendation
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/CollateralTracker.sol#L417
Vulnerability details
Summary
The deposit function has a check for maxDeposit and reverts if the deposit value is more than type(uint104).max. But it does not check the shares to be less than the maxMint amount and hence bypasses this check. Theoretically, if the assets are equal to type(uint104).max and if the vault is undercollateralised, then the calculation in (convertToShares(type(uint104).max) * DECIMALS) / (DECIMALS + COMMISSION_FEE) could return a value more than the maxMint amount. This is possible in those scenarios where the asset has a big number of decimals (README confirms it) and the Vault is severely under-collateralized.
Impact
It is theoretically possible for the deposit amount to mint shares more than the maxMint amount.
Tools Used
Manual review
Recommended Mitigation Steps
Include the maxMint check in the deposit function to prevent this problem.
Assessed type
ERC4626