reednaa
commented
10 months ago Frontrunning the function call can change the number of vaults tokens minted or withdrawn.
Open hats-bug-reporter[bot] opened 10 months ago
reednaa
commented
10 months ago Frontrunning the function call can change the number of vaults tokens minted or withdrawn.
Github username: -- Twitter username: 97Sabit Submission hash (on-chain): 0x5172b2b61ea439c3993f2b1722b84a12c54620b402d1160471f8d11dfeba07f6 Severity: low
Description: Description\ Since the vaultTokens are minted according to a predetermined ratio in the contract, enforcing a minimum on share output is not necessary. In fact, it could be an hinderance to users who doesn't know how the shares are calcuated.
Users don't have to calculate minimum share output themselves. The share minting ratio is fixed, so users will get the expected number of shares regardless of minOut.
There is no risk of getting zero shares as the ratio in place determines the share output.
Users who doesn't know how to calculata expected shares could input amounts greater than vaultTokens repeatedly. This serves as a bar from using the contract to such users.
The contract logic already ensures users get a fair share of the vaultTokens.
https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultAmplified.sol#L436