search

crytic / properties

Pre-built security properties for common Ethereum operations
GNU Affero General Public License v3.0
276 stars 42 forks source link

Remove try/catch from verify_depositProperties #10

Closed aviggiano closed 1 year ago

aviggiano commented 1 year ago

Remove try/catch block around vault.deposit from function verify_depositProperties.

The previous implementation seemed to be a work-in-progress piece of code left out in this contract, as the logic is different from the other functions: verify_mintProperties, verify_redeemProperties, and verify_withdrawProperties.

Moreover, the previous implementation would prevent echidna from successfully completing when deposits reverted due to an invalid parameter. For example, in case an ERC4264 vault requires a minimum deposit amount. This might be the case when the vault tries to address the issue H-01 Vault deposits can be front-run and user funds stolen from OpenZeppelin ERC4626 Tokenized Vault Audit by reverting when assets is zero.

bsamuels453 commented 1 year ago

lgtm; the try catch was definitely from back when it was WIP