search

code-423n4 / 2024-04-panoptic-findings

7 stars 3 forks source link

`deposit` fails to validate the maximum deposit amount. #300

Open c4-bot-8 opened 4 months ago

c4-bot-8 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/58dda1b3b74e48f4d924731ec5da14096043fde0/contracts/CollateralTracker.sol#L420

Vulnerability details

Impact

due to the improper check, system is possible to mint more token than it should, and the maxMint limit may not work

Proof of Concept

we have maxMint check function defined :

     function maxMint(address) external view returns (uint256 maxShares) {
        unchecked {
            return (convertToShares(type(uint104).max) * DECIMALS) / (DECIMALS + COMMISSION_FEE);
        }
    }

but in actual mint function, we do not use this function:

function mint(uint256 shares, address receiver) external returns (uint256 assets) {
        assets = previewMint(shares);
@>        if (assets > type(uint104).max) revert Errors.DepositTooLarge();

 ...

we just use type(uint104).max instead of maxMint,which makes the maxmint check not work properly

Tools Used

manual

Recommended Mitigation Steps

change to maxMint check

Assessed type

Invalid Validation

c4-judge commented 4 months ago

Picodes marked the issue as duplicate of #553

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory

c4-judge commented 4 months ago

Picodes changed the severity to QA (Quality Assurance)

c4-judge commented 4 months ago

Picodes marked the issue as grade-b