Closed code423n4 closed 2 years ago
While I agree with the finding, the gas cost makes the attack economically unviable to execute.
Duplicate #143, I think #143 is a little more complete on this.
Agree this is an issue, however, rounding up for everyone may result in the last person to withdraw to be unable to withdraw their position because of accumulated dust from everyone else withdrawing previously.
Although rounding down is slightly worse for the user, it protects everyone else.
@jeffywu Actually, rounding down is not worse for the user but it's worse for the protocol and benefit the user because user will need fewer shares to withdraw the same amount of assets. So I don't think it's duplicated with #143
Considering this as a duplicate of #143 of the same warden, agree that this is not exactly a duplicate but decided to consolidate all 4626 rounding related issue.
Lines of code
https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashERC4626.sol#L52
Vulnerability details
Impact
In
wfCashERC4626.previewWithdraw()
function, when fCash has matured, shares is calculated usingconvertToShares()
. ButconvertToShares()
function rounded down in division. This may lead to the case that user can use zero share to withdraw asset.It has been stated in https://eips.ethereum.org/EIPS/eip-4626 that
Proof Of Concept
When
totalSupply() = 1e8
andtotalAssets() = 1e18
, any amount ofassets < 1e10
will result inconvertToShares()
return0
Tools Used
Manual Review
Recommended Mitigation Steps
Round up in share calculation for
previewWithdraw()
function