Closed c4-bot-4 closed 3 months ago
0xEVom marked the issue as sufficient quality report
0xEVom marked the issue as duplicate of #281
jhsagd76 changed the severity to QA (Quality Assurance)
This previously downgraded issue has been upgraded by jhsagd76
jhsagd76 changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/435b054f9ad2404173f36f0f74a5096c894b12b7/src/V3Vault.sol#L362-L384
Vulnerability details
When depositing, minting, withdrawing and redeeming the amount of assets returned are influenced by exchange rates.
Impact
User might experience losses when interacting with these function if the exchange rate becomes unfavorable
Proof of Concept
The functions deposit(), withdraw(), redeem() and mint() will either go through _deposit or _withdraw in order to finalize their logic, both the _deposit and _withdraw mechanism rely on volatile exchange rate that may increase or decrease depending on the current vault balances. If a user decides to withdraw or deposit at a moment where the exchange rate is lower this will negatively impact his asset.
Tools Used
Manual review
Recommended Mitigation Steps
Implement a slippage proof mechanism in order to bring more predictability to the system and its users. Consider these as inspiration:
Assessed type
Invalid Validation