-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
maxDeposit()
uses yieldVault.maxDeposit()
but _depositAndMint()
uses yieldVault.mint()
#335
Comments
raymondfam marked the issue as insufficient quality report |
raymondfam marked the issue as primary issue |
maxDeposit() (same as maxMint()) is to check the maximum withdrawable for each account where yieldVault.mint would simply revert if the cap has not been conformed to. |
hansfriese marked the issue as unsatisfactory: |
hansfriese marked the issue as satisfactory |
It's a valid concern and QA is more appropriate due to the low impact. |
hansfriese changed the severity to QA (Quality Assurance) |
I will mark as grade-a with some unique issues. |
hansfriese marked the issue as grade-a |
Isn't a violation of EIP-4626, for a vault that claims to be compliant, at least a Medium severity because of the integration issues it implies? Note that being EIP-4626 compliant is explicitly stated in the README and that adherence to this was listed as one of the Attack ideas. This comment also applies to #336. Here are a few previous examples awarded High or Medium: |
After checking again, I agree Medium is more appropriate as it may violate ERC4626 compliance. |
hansfriese removed the grade |
This previously downgraded issue has been upgraded by hansfriese |
hansfriese marked the issue as satisfactory |
hansfriese marked the issue as selected for report |
After further evaluation, the suggested mitigation seems to cause issues in common ERC4626 yield vaults since As long as the yield vault |
trmid (sponsor) acknowledged |
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L383
Vulnerability details
Impact
maxDeposit()
might return a value greater than can be deposited, violating EIP-4626.Proof of Concept
maxDeposit()
returns up toyieldVault.maxDeposit(address(this))
. However,_depositAndMint()
deposits usingyieldVault.mint()
which may have a stricter limit thanyieldVault.deposit()
. In that case depositingmaxDeposit()
would revert, which violates EIP-4626.Recommended Mitigation Steps
Use
yieldVault.previewRedeem(yieldVault.maxMint())
.Assessed type
ERC4626
The text was updated successfully, but these errors were encountered: