code-423n4 / 2023-08-dopex-findings

The PerpetualAtlanticVaultLP contract is not a proper implementation of ERC-4626 #2091

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/perp-vault/PerpetualAtlanticVaultLP.sol#L21

Vulnerability details

Impact

As per the description for the PerpetualAtlanticVaultLP contract under the Scope in the c4 Dopex audit details, this contract is intended to follow the ERC-4626 standard. As such, external protocols which integrate with this contract will expect that certain functions are implemented. This includes functions such as asset, totalAssets, convertToAssets, etc. Although this contract includes some of the required functions like convertToShares, most of the required functionality is missing. This will break integrations with external protocols, such as those which deposit WETH into protocols for yield.

Proof of Concept

Some of the required functions of the ERC-4626 standard which are missing from this implementation include: asset, totalAssets, convertToAssets.

Tools Used

Manual review

Recommended Mitigation Steps

Refactor the PerpetualAtlanticVaultLP contract to follow the ERC4626 requirements.

Assessed type

ERC4626
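
An integrator-side check for the gap this report describes, as an added example (not part of the original report or the Dopex code base): it compares a compiled contract ABI against the function signatures EIP-4626 requires and lists what is missing or declared with different parameters. The name check_erc4626_surface and the sample ABI are assumptions made for illustration; the sample is constructed and is not the real PerpetualAtlanticVaultLP ABI.

```python
import json

# Function surface required by EIP-4626: name -> canonical input types.
ERC4626_FUNCTIONS = {
    "asset": (), "totalAssets": (),
    "convertToShares": ("uint256",), "convertToAssets": ("uint256",),
    "maxDeposit": ("address",), "previewDeposit": ("uint256",),
    "deposit": ("uint256", "address"),
    "maxMint": ("address",), "previewMint": ("uint256",),
    "mint": ("uint256", "address"),
    "maxWithdraw": ("address",), "previewWithdraw": ("uint256",),
    "withdraw": ("uint256", "address", "address"),
    "maxRedeem": ("address",), "previewRedeem": ("uint256",),
    "redeem": ("uint256", "address", "address"),
}

def check_erc4626_surface(abi):
    """Return (missing, mismatched) EIP-4626 signatures for a compiled ABI."""
    declared = {}  # function name -> set of declared input-type tuples
    for item in abi:
        if item.get("type") == "function":
            types = tuple(i["type"] for i in item.get("inputs", []))
            declared.setdefault(item["name"], set()).add(types)
    missing, mismatched = [], []
    for name, types in ERC4626_FUNCTIONS.items():
        sig = f"{name}({','.join(types)})"
        if name not in declared:
            missing.append(sig)      # not declared at all
        elif types not in declared[name]:
            mismatched.append(sig)   # same name, different parameters
    return sorted(missing), sorted(mismatched)

# Constructed sample ABI (hypothetical vault): it declares convertToShares and
# deposit correctly, and a redeem that lacks the receiver/owner parameters.
SAMPLE_ABI = json.loads("""[
 {"type":"function","name":"convertToShares","inputs":[{"type":"uint256"}]},
 {"type":"function","name":"deposit",
  "inputs":[{"type":"uint256"},{"type":"address"}]},
 {"type":"function","name":"redeem","inputs":[{"type":"uint256"}]},
 {"type":"event","name":"Deposit","inputs":[]}
]""")

if __name__ == "__main__":
    missing, mismatched = check_erc4626_surface(SAMPLE_ABI)
    print("missing:", ", ".join(missing))
    print("mismatched:", ", ".join(mismatched))
```

This covers only the declared function surface; the ERC-20 base, the Deposit and Withdraw events, and the rounding and return-value behaviour EIP-4626 specifies need separate tests.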

c4-pre-sort commented 1 year ago

bytes032 marked the issue as duplicate of #574

c4-pre-sort commented 1 year ago

bytes032 marked the issue as duplicate of #1506

c4-pre-sort commented 1 year ago

bytes032 marked the issue as duplicate of #699

c4-pre-sort commented 1 year ago

bytes032 marked the issue as sufficient quality report

c4-judge commented 11 months ago

GalloDaSballo changed the severity to QA (Quality Assurance)