V3Vault.sol did not validate that the assets transferred using permit2.permitTransferFrom() are in the same token as the vault underlying token, which allowed an exploiter to transfer any ERC20 token and distort shares/asset calculation.
Mitigation
PR-368 successfully mitigates the original issue by introducing the following check inside the 3 functions of V3Vault.sol that employ permit2 - liquidate(), _repay(), _deposit():
if (permit.permitted.token != asset) { revert InvalidToken(); }
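How the PR-368 check sits in front of a Permit2 transfer, as an added illustration (not the project's V3Vault code). `MiniVault`, its one-share-per-unit accounting and the `deposit` signature are hypothetical; the interface types follow Uniswap Permit2's `ISignatureTransfer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not the project's V3Vault code. Struct and function
// shapes follow Uniswap Permit2's ISignatureTransfer interface.
interface ISignatureTransfer {
    struct TokenPermissions { address token; uint256 amount; }
    struct PermitTransferFrom { TokenPermissions permitted; uint256 nonce; uint256 deadline; }
    struct SignatureTransferDetails { address to; uint256 requestedAmount; }
    function permitTransferFrom(
        PermitTransferFrom memory permit,
        SignatureTransferDetails calldata transferDetails,
        address owner,
        bytes calldata signature
    ) external;
}

// Hypothetical minimal vault: credits 1 share per unit of `asset` received.
contract MiniVault {
    error InvalidToken();
    address public immutable asset;               // the vault's underlying token
    ISignatureTransfer public immutable permit2;
    mapping(address => uint256) public shares;

    constructor(address _asset, ISignatureTransfer _permit2) {
        asset = _asset;
        permit2 = _permit2;
    }

    function deposit(
        uint256 amount,
        ISignatureTransfer.PermitTransferFrom calldata permit,
        bytes calldata signature
    ) external {
        // Permit2 moves whatever token the signed permit names. Without this
        // check the vault would credit `amount` shares for a transfer of an
        // unrelated ERC20, distorting the shares/asset calculation.
        if (permit.permitted.token != asset) revert InvalidToken();
        permit2.permitTransferFrom(
            permit,
            ISignatureTransfer.SignatureTransferDetails(address(this), amount),
            msg.sender,
            signature
        );
        shares[msg.sender] += amount;
    }
}
```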
Lines of code
Vulnerability details
C4 Issue
H-01: V3Vault.sol permit signature does not check receiving token address is USDC
Issue Details
Conclusion
Mitigation Confirmed