balance of this contract of vault tokens in the require statement can stop users from withdrawing their tokens
2 issues:
vaultbalancebefore= balance of this contract from a vault tokens
vaultamount=vaultbalancebefore- balance of vault right then when user is executing this tx which can be more or less causing vaultamount to not == amount causing users to revert same thing with tokenamount require statement
ex:
alice calls withdraw with 5 as amount and attacker puts 100 tokens into this contract from that vault that alice calls, when attacker does this is
vaultbalancebefore = 100
before the attacker gives this contract the tokens
vaultamount=100-1000
Causing the function to revert causing user to loose gas
Recommended Mitigation Steps
have a min amount so it's not so absolute or revert. make a way where an attacker cant grief users . add way for the contract balance not to change in the tx
Lines of code
https://github.com/code-423n4/2022-06-nested/blob/b253ed80f67d1bb2a04e1702f5796fd96a7c521e/contracts/operators/Beefy/lp/BeefyZapUniswapLPVaultOperator.sol#L108
Vulnerability details
Impact
balance of this contract of vault tokens in the require statement can stop users from withdrawing their tokens 2 issues:
vaultbalancebefore= balance of this contract from a vault tokens vaultamount=vaultbalancebefore- balance of vault right then when user is executing this tx which can be more or less causing vaultamount to not == amount causing users to revert same thing with tokenamount require statement
ex: alice calls withdraw with 5 as amount and attacker puts 100 tokens into this contract from that vault that alice calls, when attacker does this is vaultbalancebefore = 100 before the attacker gives this contract the tokens vaultamount=100-1000 Causing the function to revert causing user to loose gas
Recommended Mitigation Steps
have a min amount so it's not so absolute or revert. make a way where an attacker cant grief users . add way for the contract balance not to change in the tx