Open code423n4 opened 1 year ago
dmvt marked the issue as duplicate of #141
RedVeil marked the issue as sponsor confirmed
RedVeil marked the issue as disagree with severity
dmvt changed the severity to 2 (Med Risk)
dmvt marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2023-01-popcorn/blob/main/src/vault/adapter/abstracts/AdapterBase.sol#L392
https://github.com/code-423n4/2023-01-popcorn/blob/main/src/vault/adapter/abstracts/AdapterBase.sol#L110-L122
https://github.com/code-423n4/2023-01-popcorn/blob/main/src/vault/adapter/abstracts/AdapterBase.sol#L147-L165
Vulnerability details
Impact
Users could receive `0` shares and thus lose their entire investment when making a deposit.

Proof of Concept

- Alice calls `deposit` with `999` assets, with herself as the receiver.
- Shares are calculated through `_previewDeposit`, which uses `_convertToShares` rounding down.
- With specific conditions, the share calculation will round to zero. Let's suppose that `_totalSupply = 100_000` and `_totalAssets = 100_000_000`, then: which rounds to zero, so total shares are `0`.
- Finally, the deposit is completed, and the adapter mints `0 shares`.
- Alice has lost `999` assets and she has received nothing in return.

Tools Used
Manual review
Recommended Mitigation Steps
Revert the transaction when a deposit would result in `0` shares minted.
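
The rounding from the proof of concept and the recommended zero-share check, side by side, as an added example that is not code from the Popcorn repository or from the report. It is a constructed accounting model: the names `ShareMathModel`, `depositUnchecked`, `depositChecked` and `ZeroShares` are hypothetical, token transfers are omitted, and the constructor is meant to be called with the report's values (`100_000` shares, `100_000_000` assets).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

/// Constructed model of share-based vault accounting (hypothetical, not AdapterBase).
/// Only the share math from the report is modelled; no ERC-20 transfers take place.
contract ShareMathModel {
    uint256 public totalSupply; // shares outstanding
    uint256 public totalAssets; // assets accounted to the vault
    mapping(address => uint256) public balanceOf;

    error ZeroShares();

    /// Assumption: deployed with the report's state, e.g. (100_000, 100_000_000).
    constructor(uint256 supply_, uint256 assets_) {
        totalSupply = supply_;
        totalAssets = assets_;
    }

    /// Round-down conversion: Solidity integer division truncates toward zero.
    function convertToShares(uint256 assets) public view returns (uint256) {
        if (totalSupply == 0 || totalAssets == 0) return assets;
        return (assets * totalSupply) / totalAssets;
    }

    /// Behaviour described in the report: assets are accounted for even when
    /// the computed share amount is zero, so the depositor gets nothing back.
    function depositUnchecked(uint256 assets, address receiver) external returns (uint256 shares) {
        shares = convertToShares(assets);
        _account(assets, shares, receiver);
    }

    /// Recommended mitigation: revert when the deposit would mint zero shares.
    function depositChecked(uint256 assets, address receiver) external returns (uint256 shares) {
        shares = convertToShares(assets);
        if (shares == 0) revert ZeroShares();
        _account(assets, shares, receiver);
    }

    /// Shared bookkeeping for both deposit paths.
    function _account(uint256 assets, uint256 shares, address receiver) private {
        totalAssets += assets;
        totalSupply += shares;
        balanceOf[receiver] += shares;
    }
}
```

With the report's state, a call to `depositUnchecked` with `999` assets goes through the zero-share path, while `depositChecked` reverts with `ZeroShares` for the same input.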