Open code423n4 opened 3 years ago
cmichel
The Vault.deposit function performs an unnecessary add here as _shares is always zero at this point:
Vault.deposit
add
_shares
if (_amount > 0) { _amount = _normalizeDecimals(_token, _amount); if (totalSupply() > 0) { _amount = (_amount.mul(totalSupply())).div(_balance); } // @audit gas: just set _shares = _amount, no .add needed _shares = _shares.add(_amount); }
Set _shares = _amount directly instead of adding amount to the always zero-valued _shares.
_shares = _amount
amount
Same as #6
Agree with finding, sponsor mitigated, see progress in #116
Handle
cmichel
Vulnerability details
The
Vault.deposit
function performs an unnecessaryadd
here as_shares
is always zero at this point:Recommended Mitigation Steps
Set
_shares = _amount
directly instead of addingamount
to the always zero-valued_shares
.