c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
c4-judge
commented
1 year ago Picodes marked the issue as confirmed for report
Lines of code
Vulnerability details
Comments
The previous implementation included a
mintWithPermitmethod that was supposed to allow users to mint a certain number of shares through a permit signature. However the signature would have to be signed with a specific value of_assetsthat isn’t known in advance (since it varies based on the exchange rate) and therefore it is probable that most/all calls tomintWithPermitwould revert.Mitigation
The implementation has been removed altogether which makes sense because it is impossible to know what value of
_assetsto sign a message for that will be valid at any given time in the future.depositWithPermitremains to allow entering into a vault with a permit, so this issue has been resolved.Conclusion
LGTM