Open code423n4 opened 2 years ago
I also don't see where cap is used.
I also don't see where cap is being used. If it's supposed to represent the maximum a vault can hold, it's not very obvious how to enforce it on chain.
Caps aren't enforced in code. Since users can't deposit directly to strategies, it's up to the strategist to manage caps of strategies. We could likely refactor to remove caps altogether and save some gas.
Finding acknowledged; may want to remove / refactor that functionality.
Handle
0xsanson
Vulnerability details
Impact
When adding a strategy in Controller.sol, a variable cap is passed to _vaultDetails[_vault].caps[_strategy]. I guess this is the maximum balance allowed for this strategy, but this is actually never used in the current implementation.
Tools Used
editor
Recommended Mitigation Steps
Check if this is a wanted feature of the protocol, and (if positive) add some checks to enforce it.
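One way the recommended check could look, as an added sketch that is not part of the original report and not the audited Controller.sol. It assumes funds reach a strategy only through a strategist-only earn call and that a cap of 0 means uncapped; CappedController, IStrategyLike, IERC20Like, setCap and earn are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: a minimal stand-in, not the audited Controller.sol.
// All contract, interface and function names here are hypothetical.
interface IStrategyLike {
    function balanceOf() external view returns (uint256);
    function deposit() external;
}

interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract CappedController {
    struct VaultDetail {
        // strategy => maximum balance; 0 is treated as "uncapped" (assumption)
        mapping(address => uint256) caps;
    }

    address public immutable strategist;
    mapping(address => VaultDetail) internal _vaultDetails;

    constructor() { strategist = msg.sender; }

    modifier onlyStrategist() {
        require(msg.sender == strategist, "!strategist");
        _;
    }

    function setCap(address _vault, address _strategy, uint256 _cap) external onlyStrategist {
        _vaultDetails[_vault].caps[_strategy] = _cap;
    }

    // Assumes the tokens to be invested already sit in this contract.
    function earn(address _vault, address _strategy, address _token, uint256 _amount) external onlyStrategist {
        uint256 cap = _vaultDetails[_vault].caps[_strategy];
        if (cap != 0) {
            // Reject a deposit that would push the strategy's reported balance past its cap.
            uint256 current = IStrategyLike(_strategy).balanceOf();
            require(current + _amount <= cap, "cap exceeded");
        }
        require(IERC20Like(_token).transfer(_strategy, _amount), "transfer failed");
        IStrategyLike(_strategy).deposit();
    }
}
```

The check runs only at deposit time and trusts the strategy's own balanceOf, so a balance that grows through yield can still end up above the cap. The extra storage read and external call are the gas cost that removing caps altogether would avoid.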