There is a check to ensure that thevalueX8of the deposited tokens does not exceed the tvlCap. However, it would be beneficial to add an additional check to compare the current TVL (Total Value Locked) with a maximum allowed TVL. If the current TVL reaches the maximum limit, the deposit function should reject any further deposits.
Impact
The current implementation of the TVL (Total Value Locked) in the contract does not have a check against the maximum allowed value. This could potentially result in the TVL exceeding the intended maximum value that should be locked in the contract.
The lack of a check against the maximum value for the Total Value Locked (TVL), can have several potential impacts. Here are a few that come to mind:
Financial Risk: Without a check in place, the TVL could unintentionally exceed the maximum limit set by the contract. This has the potential to put the funds at risk, as the system may not be designed to handle such large amounts. This could lead to unforeseen consequences, such as failed transactions or even potential loss of funds.
Contract Stability: Exceeding the maximum TVL may strain the stability and efficiency of the contract itself. Without proper checks and balances, it's possible that the contract's performance and reliability could be compromised. This could lead to delayed transactions, system malfunctions, or even a complete breakdown of functionality.
In the code sinpet above there is a check to ensure that thevalueX8of the deposited tokens does not exceed the tvlCap. However, it would be beneficial to add an additional check to compare the current TVL (Total Value Locked) with a maximum allowed TVL.
Tools Used
Manual Review
Recommended Mitigation Steps
define a variable maximumTVL and set it to the desired maximum allowed TVL. Then, before accepting a deposit, you can compare the current TVL with the maximumTVL using an if statement:
require(currentTVL + valueX8 <= maximumTVL, "Exceeded maximum TVL");
This code ensures that the current Total Value Locked (currentTVL) plus the value times 8 (valueX8`) of the deposited tokens does not exceed the maximum allowed TVL. If the maximum TVL is reached, the deposit function will reject any further deposits and revert with an error message.
Lines of code
https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L269-L279
Vulnerability details
There is a check to ensure that the
valueX8
of the deposited tokens does not exceed thetvlCap
. However, it would be beneficial to add an additional check to compare the current TVL (Total Value Locked) with a maximum allowed TVL. If the current TVL reaches the maximum limit, the deposit function should reject any further deposits.Impact
The current implementation of the TVL (Total Value Locked) in the contract does not have a check against the maximum allowed value. This could potentially result in the TVL exceeding the intended maximum value that should be locked in the contract. The lack of a check against the maximum value for the Total Value Locked (TVL), can have several potential impacts. Here are a few that come to mind:
Financial Risk: Without a check in place, the TVL could unintentionally exceed the maximum limit set by the contract. This has the potential to put the funds at risk, as the system may not be designed to handle such large amounts. This could lead to unforeseen consequences, such as failed transactions or even potential loss of funds.
Contract Stability: Exceeding the maximum TVL may strain the stability and efficiency of the contract itself. Without proper checks and balances, it's possible that the contract's performance and reliability could be compromised. This could lead to delayed transactions, system malfunctions, or even a complete breakdown of functionality.
Proof of Concept
In the code sinpet above there is a check to ensure that the
valueX8
of the deposited tokens does not exceed thetvlCap
. However, it would be beneficial to add an additional check to compare the current TVL (Total Value Locked) with a maximum allowed TVL.Tools Used
Manual Review
Recommended Mitigation Steps
define a variable
maximumTVL
and set it to the desired maximum allowed TVL. Then, before accepting a deposit, you can compare the current TVL with themaximumTVL
using an if statement:require(currentTVL + valueX8 <= maximumTVL, "Exceeded maximum TVL");
This code ensures that the current Total Value Locked (currentTVL) plus the value times 8 (valueX8`) of the deposited tokens does not exceed the maximum allowed TVL. If the maximum TVL is reached, the deposit function will reject any further deposits and revert with an error message.
Assessed type
Invalid Validation