MUST return the maximum amount of shares mint would allow to be deposited to receiver and not cause a revert, which MUST NOT be higher than the actual maximum that would be accepted (it should underestimate if necessary). This assumes that the user has infinite assets, i.e. MUST NOT rely on balanceOf of asset.
Lines of code
https://github.com/code-423n4/2023-01-popcorn/blob/d95fc31449c260901811196d617366d6352258cd/src/vault/Vault.sol#L404-L406
Vulnerability details
Vulnerability Detail
MUST return the maximum amount of shares mint would allow to be deposited to receiver and not cause a revert, which MUST NOT be higher than the actual maximum that would be accepted (it should underestimate if necessary). This assumes that the user has infinite assets, i.e. MUST NOT rely on balanceOf of asset.
https://eips.ethereum.org/EIPS/eip-4626#:~:text=MUST%20return%20the%20maximum%20amount%20of%20shares,NOT%20rely%20on%20balanceOf%20of%20asset
maxMint() should encompass the limitation of maxSupply.
Impact
Could cause unexpected behavior in the future due to non-compliance with EIP-4626 standard.
Tools Used
VScode
Recommended Mitigation Steps
maxMint() should encompass the limitation of maxSupply. Suggested change to maxMint():

    function maxMint(address) public view virtual returns (uint256) {
        // Cap already reached: no further shares can be minted.
        if (totalSupply >= maxSupply) {
            return 0;
        }
        // Remaining headroom under the cap.
        return maxSupply - totalSupply;
    }
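The EIP-4626 rule quoted above can be checked directly: minting exactly the value maxMint() reports must not revert. The sketch below is an added example, not code from Popcorn's Vault.sol or from the finding's author; `CappedVaultModel`, `MaxMintCheck`, `maxMintIgnoringCap` and the numbers are hypothetical, and only `maxSupply` and the mitigation body come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Constructed model, not Popcorn's Vault.sol: share accounting only, no asset transfers.
contract CappedVaultModel {
    uint256 public totalSupply;
    uint256 public immutable maxSupply; // cap on shares, as named in the finding
    mapping(address => uint256) public balanceOf;

    constructor(uint256 maxSupply_) { maxSupply = maxSupply_; }

    // mint() enforces the cap, so maxMint() has to report the same limit.
    function mint(uint256 shares, address receiver) external {
        require(totalSupply + shares <= maxSupply, "maxSupply exceeded");
        totalSupply += shares;
        balanceOf[receiver] += shares;
    }

    // Mitigation from the finding: remaining headroom, 0 once the cap is reached.
    function maxMint(address) public view returns (uint256) {
        if (totalSupply >= maxSupply) return 0;
        return maxSupply - totalSupply;
    }

    // Hypothetical non-compliant variant that ignores the cap, for comparison.
    function maxMintIgnoringCap(address) public pure returns (uint256) {
        return type(uint256).max;
    }
}

// Hypothetical harness: a mint of the reported maximum must succeed.
contract MaxMintCheck {
    function mintSucceeds(CappedVaultModel vault, uint256 shares) public returns (bool) {
        try vault.mint(shares, address(this)) {
            return true;
        } catch {
            return false;
        }
    }

    // Constructed scenario: cap of 1000 shares, 400 already minted.
    function run() external returns (bool compliantOk, bool ignoringCapOk) {
        CappedVaultModel vault = new CappedVaultModel(1_000);
        vault.mint(400, address(this));
        ignoringCapOk = mintSucceeds(vault, vault.maxMintIgnoringCap(address(this)));
        compliantOk = mintSucceeds(vault, vault.maxMint(address(this)));
    }
}
```

An integrator that sizes a mint from the cap-ignoring value hits the revert inside mint(), which is the unexpected behavior the Impact section refers to.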