Gas: Unnecessary addition in `Vault.deposit`

[code423n4]

Handle

cmichel

Vulnerability details

The Vault.deposit function performs an unnecessary add here as _shares is always zero at this point:

if (_amount > 0) {
    _amount = _normalizeDecimals(_token, _amount);

    if (totalSupply() > 0) {
        _amount = (_amount.mul(totalSupply())).div(_balance);
    }
    // @audit gas: just set _shares = _amount, no .add needed
    _shares = _shares.add(_amount);
}

Recommended Mitigation Steps

Set _shares = _amount directly instead of adding amount to the always zero-valued _shares.

[Haz077]

Same as #6

[GalloDaSballo]

Agree with finding, sponsor mitigated, see progress in #116