Lines of code
https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L171-L173
Vulnerability details
Impact
The external function Principal::deposit @ line 171 invokes a function with the same name, deposit() @ line 176, which doesn't have slippage protection. See code blocks below.
deposit() @ line 171
deposit() @ line 176
If the user calls deposit() @ line 171, he/she is susceptible to an unexpected loss of shares because of the lack of slippage protection. However, there's another function with the same name that also invokes deposit() @ line 176, with slippage protection. It's the deposit function deposit() @ line 188, shown below.
This is the function that should have been invoked.
Tools Used
Manual Review
Recommended Mitigation Steps
Invoke deposit() @ line 188 within deposit() @ line 171 by changing the code as shown below.
Assessed type
Other
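The slippage check described under Impact, as an added example that is not part of the original report and is not Spectra's code: a hypothetical minimal vault in which one `deposit` overload accepts whatever rate applies at execution and the other reverts below a caller-supplied minimum. The names `SlippageDemoVault`, `accrue`, `SlippageExceeded` and `minShares` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical vault constructed for illustration; not Spectra's PrincipalToken.
contract SlippageDemoVault {
    error SlippageExceeded(uint256 shares, uint256 minShares);

    uint256 public totalAssets; // bookkeeping only, no token transfers in this sketch
    uint256 public totalShares;
    mapping(address => uint256) public sharesOf;

    // Shares minted for `assets` at the rate in effect when the call executes.
    function previewDeposit(uint256 assets) public view returns (uint256) {
        return totalShares == 0 ? assets : (assets * totalShares) / totalAssets;
    }

    // Unprotected overload: the caller has no way to bound the shares received.
    function deposit(uint256 assets, address receiver) external returns (uint256 shares) {
        shares = _deposit(assets, receiver);
    }

    // Protected overload: same internal path, reverts if the mint falls below `minShares`.
    function deposit(uint256 assets, address receiver, uint256 minShares)
        external
        returns (uint256 shares)
    {
        shares = _deposit(assets, receiver);
        if (shares < minShares) revert SlippageExceeded(shares, minShares);
    }

    function _deposit(uint256 assets, address receiver) internal returns (uint256 shares) {
        shares = previewDeposit(assets);
        totalAssets += assets;
        totalShares += shares;
        sharesOf[receiver] += shares;
    }

    // Stand-in for any rate change between quoting and execution (e.g. yield accrual).
    function accrue(uint256 extraAssets) external {
        totalAssets += extraAssets;
    }
}
```

A caller who quotes `previewDeposit` before submitting and passes that quote, less a tolerance, as `minShares` gets a revert instead of a smaller mint if the rate moves before the transaction executes.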