Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault:deposit should transfer the amount assets and not shares. #78

Open
code423n4 opened this issue Sep 16, 2022 · 2 comments
Open

Vault:deposit should transfer the amount assets and not shares. #78

code423n4 opened this issue Sep 16, 2022 · 2 comments
Labels
bug Something isn't working old-submission-method QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-09-y2k-finance/blob/2175c044af98509261e4147edeb48e1036773771/src/Vault.sol#L167

Vulnerability details

Impact

The wrong amount can be transferred from the msg.sender to the Vault.

Proof of Concept

When Vault:deposit is called, it is supposed to get assets amount of asset from the msg.sender and send the msg.sender shares amount of the vault token.

However in the current implementation, the Vault would get shares amount of asset from the msg.sender. See line 167 from the snippet below.

The assets and shares are not necessarily the same amount. Therefore the Vault might transfer the wrong amount of asset from the msg.sender.

// Vault
// deposit
165        require((shares = previewDeposit(id, assets)) != 0, "ZeroValue");
166
167        asset.transferFrom(msg.sender, address(this), shares);
168
169        _mint(receiver, id, shares, EMPTY);

Tools Used

None

Recommended Mitigation Steps

// Vault
// deposit
167        asset.transferFrom(msg.sender, address(this), assets);
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working old-submission-method labels Sep 16, 2022
code423n4 added a commit that referenced this issue Sep 16, 2022
@code423n4
zzzitron issue #78
c6666bb
@3xHarry
Copy link
Collaborator

3xHarry commented Sep 22, 2022

dup #471

@3xHarry 3xHarry added the duplicate This issue or pull request already exists label Sep 22, 2022
@HickupHH3 HickupHH3 added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 3 (High Risk) Assets can be stolen/lost/compromised directly labels Oct 15, 2022
@HickupHH3
Copy link
Collaborator

warden's primary QA

@HickupHH3 HickupHH3 mentioned this issue Oct 17, 2022
Closed
@HickupHH3 HickupHH3 mentioned this issue Nov 5, 2022
Closed
@JeeberC4 JeeberC4 removed the duplicate This issue or pull request already exists label Nov 9, 2022
@JeeberC4 JeeberC4 reopened this Nov 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working old-submission-method QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@MiguelBits @code423n4 @HickupHH3 @JeeberC4 @3xHarry