code-423n4 / 2024-02-spectra-findings


`PrincipalToken::maxDeposit` will not work for some tokens that don't support `type(uint256).max` amount. #242

Closed c4-bot-7 closed 6 months ago

c4-bot-7 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L442

Vulnerability details

Impact

Loss of functionality. Tokens that don't support a `type(uint256).max` amount could not be deposited.

Vulnerability Details

There are tokens that don't support a `type(uint256).max` amount. So `maxDeposit` will not work for some tokens like UNI or COMP, which will revert when approving a `type(uint256).max` amount.

    /** @dev See {IPrincipalToken-maxDeposit}. */
    function maxDeposit(address) external pure override returns (uint256) {
        return type(uint256).max;
    }

Tools Used

Manual Review

Recommended Mitigation Steps

I would suggest approving only the necessary amount of tokens instead of the max amount.

Assessed type

ERC20

c4-pre-sort commented 6 months ago

gzeon-c4 marked the issue as insufficient quality report

gzeoneth commented 6 months ago

no exploit

c4-judge commented 6 months ago

JustDravee marked the issue as unsatisfactory: Invalid