141345
commented
1 year ago seems invalid
tvlCap > valueX8 + getTVL() still hold after deposit
Closed code423n4 closed 1 year ago
141345
commented
1 year ago seems invalid
tvlCap > valueX8 + getTVL() still hold after deposit
c4-pre-sort
commented
1 year ago 141345 marked the issue as low quality report
c4-judge
commented
1 year ago gzeon-c4 marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L269
Vulnerability details
Impact
The vulnerability in the deposit function,The tvlCap variable is intended to limit the maximum TVL of the vault, in the current implementation, there is the proble with how the TVL cap is enforced. Here's the relevant part of the deposit function that is the problem where:
uint valueX8 = oracle.getAssetPrice(token) * (amount - fee) / 10**ERC20(token).decimals(); require(tvlCap > valueX8 + getTVL(), "GEV: Max Cap Reached");
The problem is the tvlCap is set to a value greater than the sum of valueX8 and the current TVL (getTVL()) of the vault. This means that the deposit can still be accepted even if it pushes the TVL of the vault beyond the specified cap, potentially leading to unintended consequences.
Proof of Concept
If the TVL cap is not correctly enforced, the vault may exceed the intended maximum TVL. This could lead to unexpected behaviors, risks of over-exposure, and instability in the protocol's performance.
Tools Used
Manual review
Recommended Mitigation Steps
the deposit function should checks that the total TVL after the deposit does not exceed the specified tvlCap. Can this done by adjusting the condition in the require statement by doing this the deposit function will reject any deposit that would cause the vault's total TVL to exceed the specified tvlCap, this ensuring the intended cap is enforced.
Assessed type
Other