If the user calls depositIBT() @ line 201, he/she is susceptible to inconceivable shares loss because of the lack of slippage protection. However, there's another function with the same name that also invokes depositIBT() @ line 206 and this time, with a slippage protection. It's the deposit function depositIBT() @ line 216, shown below.
Lines of code
https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L201-L202
Vulnerability details
Impact
The external function
Principal::depositIBT @ line 201
invokes a function with the same namedepositIBT() @ line 206
which doesn't have the slippage protection. See code blocks below.depositIBT @ line 201
depositIBT() @ line 206
If the user calls
depositIBT() @ line 201
, he/she is susceptible to inconceivable shares loss because of the lack of slippage protection. However, there's another function with the same name that also invokesdepositIBT() @ line 206
and this time, with a slippage protection. It's the deposit functiondepositIBT() @ line 216
, shown below.depostIBT() @ line 216
This is the function that should have been invoked.
Tools Used
Manual Review
Recommended Mitigation Steps
Invoke the
depostIBT() @ line 216
withindepositIBT @ line 201
and change the code as shown below.Assessed type
Other