code-423n4 / 2023-08-pooltogether-mitigation-findings


M-11 MitigationConfirmed #76

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Original Issue

M-11 - Vault.mintWithPermit() can be DOSed

Details

In the previous version, there was a function mintWithPermit() that would always fail because one of the computed values that was sent as part of the signature depended on the exchangeRate, which is constantly changing. So, from the moment that the owner signed the approval until the moment the signature was actually executed, the value of the assets (the value that depends on the exchangeRate) would most likely be a different value than the one that the owner signed, which would cause the tx to be reverted because the sent value is not the same value of the signature.

Mitigation

The mitigation solves the issue because mintWithPermit() was removed from the code; now users will only use depositWithPermit().

Conclusion

The implemented mitigation solves the original issue.
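The failure mode described in this finding, as an added Python model that is not part of the original comment and not the PoolTogether code: a permit signed over an asset amount computed at signing time stops verifying once the exchange rate moves, while a deposit-style call that takes the signed asset amount directly still verifies. Assumptions: the mint path takes shares and derives assets from the rate (ERC-4626 convention), an HMAC stands in for the EIP-2612 ECDSA signature, and all class names, method names and values are hypothetical.

```python
import hashlib
import hmac
from fractions import Fraction

OWNER_KEY = b"constructed-owner-key"  # constructed; stand-in for the owner's signing key

def sign_permit(key, owner, spender, value, nonce, deadline):
    # Stand-in for an EIP-2612 signature: binds the exact approved value.
    msg = f"{owner}|{spender}|{value}|{nonce}|{deadline}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Token:
    def __init__(self):
        self.nonce, self.allowance = 0, 0

    def permit(self, owner, spender, value, deadline, sig):
        expected = sign_permit(OWNER_KEY, owner, spender, value, self.nonce, deadline)
        if not hmac.compare_digest(sig, expected):
            raise ValueError("invalid permit signature")  # models the revert
        self.nonce += 1
        self.allowance = value

class Vault:
    def __init__(self, token, rate):
        self.token, self.rate = token, Fraction(rate)  # rate = assets per share

    def preview_mint(self, shares):
        # Round up, so the vault never receives fewer assets than the shares are worth.
        return -(-shares * self.rate.numerator // self.rate.denominator)

    def mint_with_permit(self, shares, owner, deadline, sig):
        assets = self.preview_mint(shares)  # recomputed at execution time
        self.token.permit(owner, "vault", assets, deadline, sig)
        return assets

    def deposit_with_permit(self, assets, owner, deadline, sig):
        self.token.permit(owner, "vault", assets, deadline, sig)  # value is caller input
        return assets

def run(rate_at_sign, rate_at_exec, shares=100, deadline=999):
    # Returns (mint_ok, deposit_ok) for one signature replayed on each path.
    signed_assets = Vault(Token(), rate_at_sign).preview_mint(shares)
    sig = sign_permit(OWNER_KEY, "owner", "vault", signed_assets, 0, deadline)
    try:
        Vault(Token(), rate_at_exec).mint_with_permit(shares, "owner", deadline, sig)
        mint_ok = True
    except ValueError:
        mint_ok = False
    vault = Vault(Token(), rate_at_exec)
    deposit_ok = vault.deposit_with_permit(signed_assets, "owner", deadline, sig) == signed_assets
    return mint_ok, deposit_ok
```
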

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory