Open code423n4 opened 1 year ago
bytes032 marked the issue as duplicate of #574
bytes032 marked the issue as duplicate of #1506
bytes032 marked the issue as duplicate of #699
bytes032 marked the issue as sufficient quality report
GalloDaSballo changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/perp-vault/PerpetualAtlanticVaultLP.sol#L21
Vulnerability details
Impact
As per the description for the PerpetualAtlanticVaultLP contract under the Scope in the c4 Dopex audit details, this contract is intended to follow the ERC-4626 standard. As such external protocols which integrate with this contract will expect that certain functions are implemented. This includes functions such as
asset
,totalAssets
,convertToAssets
, etc. Although this contract includes some of the required functions likeconvertToShares
, most of the required functionality is missing. This will break integrations with external protocols, such as those which deposit WETH into protocols for yield.Proof of Concept
Some of the required functions of the ERC-4626 standard which are missing from this implementation include:
asset
,totalAssets
,convertToAssets
.Tools Used
Manual review
Recommended Mitigation Steps
Refactor the PerpetualAtlanticVaultLP contract to follow the ERC4626 requirements.
Assessed type
ERC4626