Closed c4-bot-3 closed 6 months ago
gzeon-c4 marked the issue as sufficient quality report
gzeon-c4 marked the issue as primary issue
gzeon-c4 marked the issue as insufficient quality report
there is an overload that allow slippage control
gzeon-c4 marked the issue as duplicate of #246
JustDravee marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L176 https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L278
Vulnerability details
Impact
The
deposit
andwithdraw
functions do not check that users receive the expected number of shares based on previewed rates. This can lead to slippage and loss of value.Proof of Concept
In the
deposit
function, shares are minted based on current rates:Line of Code
There is no check that
shares
exceeds a minimum amount expected by the user.Similarly in
withdraw
:Line of Code
Scenario
Attacker manipulates market to change IBT/PT rates unfavorably
User calls
previewDeposit
and expects to receive 100 shares for 10 assetsAttacker stops manipulation, allowing rates to return to normal
User deposits 10 assets, but only receives 90 shares due to updated rates
User lost value due to slippage between preview and execution
Similar for withdraw - user may receive fewer assets than expected.
Tools
Manual Review
Recommended Mitigation Steps
Require minimum share amounts on
deposit
. Revert if received is less.Require maximum share amounts on
withdraw
. Revert if received is more.Assessed type
Invalid Validation