c4-judge
commented
1 year ago trust1995 changed the severity to QA (Quality Assurance)
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago trust1995 changed the severity to QA (Quality Assurance)
c4-judge
commented
1 year ago trust1995 marked the issue as grade-b
0xBebis
commented
1 year ago when your transaction becomes an options contract... out of scope
c4-sponsor
commented
1 year ago 0xBebis marked the issue as sponsor disputed
Lines of code
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperVaultV2.sol#L302 https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperVaultV2.sol#L313
Vulnerability details
Impact
Reaper vault has provided helper functions for user to deposit funds into the vault and receive the shares according to the current
totalSupplyandfreeFundsin the vault .This output of shares depend on the execution time as totalSupply changes frequently . Hence , it is important to give the user choice to add a deadline check to ensure in the event of low gas fees, their transaction does not execute after going in the mempool for a long time .
Proof of Concept
Suppose , Bob calls deposit , with 10e18 tokens . totalSupply = 50e18 freeFunds = 100e18
shares to be minted = 10e18 * 50e18/ 100e18;
But if the transaction goes into pending state in the mempool for a long time due to low gas fees, the values will change significantly .
Now Bob may get a bad or good trade depending on the vault conditions .
Tools Used
Manual Review
Recommended Mitigation Steps
Add a deadline check in
depositanddepositAllfunctions to ensure the function reverts if it executes after a certain time .