GalloDaSballo
commented
2 years ago Agree with finding and severity as documentation mismatches functionality
Open code423n4 opened 2 years ago
GalloDaSballo
commented
2 years ago Agree with finding and severity as documentation mismatches functionality
Handle
0xsanson
Vulnerability details
Impact
In Vault.sol, the state variable
totalDepositCapis 'the maximum amount of value that can be deposited to the metavault at a time' according to the comment at L97. The way it's used instead suggests a different meaning, i.e. 'the maximum amount of value that can be deposited to the metavault in total' (see L200).Proof of Concept
https://github.com/code-423n4/2021-09-yaxis/blob/main/contracts/v3/Vault.sol#L97 https://github.com/code-423n4/2021-09-yaxis/blob/main/contracts/v3/Vault.sol#L97
Tools Used
editor
Recommended Mitigation Steps
Check what's the intended behavior and either change the documentation or the usage in the deposit function.