Open hats-bug-reporter[bot] opened 9 months ago
If the transfer fails then the transaction is reverted by the Bfx contract:

```solidity
function deposit(uint256 amount) external nonReentrant {
    bool success = makeTransferFrom(msg.sender, address(this), amount);
    require(success, "TRANSFER_FAILED");
    // ... remainder of the function is not shown in the report
}
```

Github username: --

Twitter username: 97Sabit

Submission hash (on-chain): 0x77a892d4ec59f320cb55262246d8ce7cba28d5ec4da095821183d8f76f1f381e

Severity: high

Description: The makeDeposit() function in the contract does not check that the vault has a sufficient balance before attempting to transfer tokens to the bfx exchange contract.
Above the makeDeposit(), here's what the comment says:
The _doDeposit() internal function immediately attempts to transfer tokens via paymentToken.approve() and bfx.deposit().
If the vault balance is less than the deposit amount, the transfer will fail and could potentially revert the transaction. However, there is no guarantee of a revert. The transfer could still go through partially, leading to unexpected behavior.
Proof of Concept (PoC) File
https://github.com/hats-finance/Blast-Futures-Exchange-0x97895c329b950755566ddcdad3395caaea395074/blob/e05c71bff53dcd9172bc714d0f9ddb2f403e23e1/foundry/src/BfxVault.sol#L216C1-L232C6
Check if vault has enough balance before calling the makeDeposit function.
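
The recommended balance check, as an added Solidity example that is not code from the BfxVault repository. The contract name `VaultDepositSketch`, the two interfaces, the `owner` check and the `InsufficientVaultBalance` error are assumptions; `makeDeposit`, `_doDeposit`, `paymentToken` and `bfx` follow the names used in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces (assumed): only the calls named in the report.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IBfx {
    function deposit(uint256 amount) external;
}

// Hypothetical sketch, not the BfxVault source.
contract VaultDepositSketch {
    IERC20 public immutable paymentToken;
    IBfx public immutable bfx;
    address public immutable owner; // stand-in for the vault's own access control

    error InsufficientVaultBalance(uint256 available, uint256 requested);

    constructor(IERC20 token_, IBfx bfx_) {
        paymentToken = token_;
        bfx = bfx_;
        owner = msg.sender;
    }

    function makeDeposit(uint256 amount) external {
        require(msg.sender == owner, "NOT_OWNER");
        // Fail early with an explicit reason instead of relying on the
        // token transfer inside bfx.deposit() to fail.
        uint256 available = paymentToken.balanceOf(address(this));
        if (available < amount) {
            revert InsufficientVaultBalance(available, amount);
        }
        _doDeposit(amount);
    }

    function _doDeposit(uint256 amount) internal {
        // Same two steps the report describes: approve, then deposit.
        require(paymentToken.approve(address(bfx), amount), "APPROVE_FAILED");
        bfx.deposit(amount);
    }
}
```

The custom error carries both the available and requested amounts, so a failed call can be diagnosed from the revert data alone.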