search

Fujicracy / fuji-v2

Cross-chain money market aggregator
https://fuji-v2-frontend.vercel.app
15 stars 10 forks source link

Q-3 Double conversion in withdraw #489

Closed 0xdcota closed 1 year ago

0xdcota commented 1 year ago

[Q-3] Double conversion of Shares <> Assets in withdraw

Description

Withdraw
address caller = _msgSender();
if (caller != owner) {
      _spendAllowance(owner, caller, receiver, convertToShares(assets)); // @audit twice conversion
}

function _spendAllowance(
    address owner,
    address operator,
    address receiver,
    uint256 shares // @audit inherited incorrectly 
) internal
{
    _spendWithdrawAllowance(owner, operator, receiver, convertToAssets(shares));
}

In the Withdraw function of BaseVault on line 420, assets are converted into shares and passed to spendAllowance(). However, spendAllowance() again converts these shares into assets.

This double conversion is redundant and causes a slight loss of precision.

Consider defining a different internal method to spend allowance in terms of assets.