Handle
shw
Vulnerability details
Impact
In the _withdrawSingle function of WithdrawHandler, the funds are withdrawn directly from the vault adapters when the withdrawal is small. However, the tokenAmount is not checked to be less than or equal to adapter.totalAssets() before withdrawing. If the amount to withdraw is greater than the adapter's total assets, the transaction fails without returning a proper error message. Notice that a similar function, _withdrawBalanced, does check the adapter's balance (line 332).
Proof of Concept
Referenced code: WithdrawHandler.sol#L299-L300
Recommended Mitigation Steps
Add require(tokenAmount <= adapter.totalAssets(), "_withdrawSingle: !adapterBalance"); after line 299.
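The difference between the two failure modes, as an added sketch that is not the project's code: MockAdapter, WithdrawSketch and both function names are hypothetical stand-ins, and the adapter is assumed to fail on an oversized withdrawal through Solidity 0.8 checked arithmetic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for a vault adapter; not the project's contract.
contract MockAdapter {
    uint256 private assets;

    constructor(uint256 initialAssets) {
        assets = initialAssets;
    }

    function totalAssets() external view returns (uint256) {
        return assets;
    }

    // Checked arithmetic: an oversized amount reverts with Panic(0x11),
    // which carries no reason string for the caller.
    function withdraw(uint256 amount) external {
        assets -= amount;
    }
}

// Hypothetical handler showing only the small-withdrawal path.
contract WithdrawSketch {
    MockAdapter public immutable adapter;

    constructor(MockAdapter _adapter) {
        adapter = _adapter;
    }

    // Before: no balance check, so the failure surfaces from inside the adapter.
    function withdrawSingleUnchecked(uint256 tokenAmount) external {
        adapter.withdraw(tokenAmount);
    }

    // After: the check from the recommendation fails early with a reason string.
    function withdrawSingleChecked(uint256 tokenAmount) external {
        require(tokenAmount <= adapter.totalAssets(), "_withdrawSingle: !adapterBalance");
        adapter.withdraw(tokenAmount);
    }
}
```

With an adapter holding 100 units, a call for 101 through the unchecked path reverts with a bare panic code, while the checked path reverts with "_withdrawSingle: !adapterBalance".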