Open hats-bug-reporter[bot] opened 3 months ago
This issue has been reviewed, and we have determined it to be invalid. Here are the reasons:
msg.value
beyond the required minimums results in additional shares being minted for the user in the vault. This is intentional and aligns with our protocol's design to incentivize higher contributions by providing proportional shares.In conclusion, the current implementation incentivizes user participation by converting excess msg.value
into additional shares. This design is intentional, and no changes are required.
Github username: @ShaheenRehman Twitter username: 0x_Shaheen Submission hash (on-chain): 0x57ccad036533feabb044359e7891a16783e609b47524cff3d350f51e4df3d0d0 Severity: low
Description: Description\ EthMultiVault's batch functions make sure that enough ETH is sent by the user but it doesn't strictly make sure that nor it refunds the excess ethers to the user which will result in ethers getting stuck in the contract as the function have no functionalit7y to rescue frozen tokens.
Attack Scenario\
EthMultiVault'
sbatchCreateAtom()
&batchCreateTriple()
allows users to create atoms or triples in a batch. For simplicity lets only examine thebatchCreateAtom
function:As we can see the function makes sure that the user sends enough
msg.value
:But a user can send more than enough
msg.value
, accidentaly or intentionally to make sure that the trx get successfully submitted. When this will happen, the user will loose the excess sent ethers because there is no refund functionality and no rescue tokens functionality, the excess ethers will be freezed in the contract.Recomended Mitigation\ There are 2 solutions to this issue:
msg.value
check: