hats-finance / Intuition-0x538dbadc50cc87b281cd655f1edbc6ebda02a66a

The smart contracts of the Intuition protocol v1.
https://intuition.systems

Contracts using un-audited version of `Solady` library #64

Open hats-bug-reporter[bot] opened 4 days ago

hats-bug-reporter[bot] commented 4 days ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x7eab7f2fb6837d2516e7b494d658617f0d003ebb5116b00b3030a4f8fff48220
Severity: low

Description:

EthMultiVault.sol uses Solady's FixedPointMathLib.sol and LibZip.sol libraries. Functions such as mulDiv() and mulDivUp() from these Solady contracts are used extensively.

The following functions use them:

1) _feeOnRaw(), 2) convertToShares(), 3) convertToAssets()

The issue is that the current contracts use a very old version of Solady, i.e. "version": "0.0.201". This can be verified from the lib folder in the contracts repo. This version has not been audited by audit firms.

The latest version of Solady is "version": "0.0.213", which has had several bugs fixed over the last 12 minor versions, along with many gas optimizations and refactorings.

All changes related to FixedPointMathLib can be checked at https://github.com/Vectorized/solady/commits/main/src/utils/FixedPointMathLib.sol?before=65a32cda377153622c4ad49ca79c0127e0f32a73+35

It is recommended to avoid using deprecated or old versions of external libraries and to use the latest versions instead.

Solady has gone through rigorous security reviews by top audit firms such as Cantina. All reports can be checked at https://github.com/Vectorized/solady/tree/main/audits

Recommendation to fix:

Use the latest version of Solady, which has fixed the bugs found in security audits.
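The report says the pinned Solady version was read from the `lib` folder, i.e. a Foundry git submodule. The script below is an added example (not the Intuition project's code and not part of the submission) of turning that manual check into a repeatable dependency gate: it enumerates submodules from `.gitmodules`, reads each one's `package.json` `version` field (Solady ships one), and reports any pin below a minimum-version policy. The `MIN_VERSIONS` policy and the sample repository tree it builds are constructed for the demonstration; the two version numbers (0.0.201 found, 0.0.213 latest) are the ones from the report.

```python
"""Check that Foundry git-submodule dependencies under lib/ are pinned at or
above a minimum version. Added example; not the Intuition project's own code.
Assumes the Foundry layout (.gitmodules + lib/<dep>/package.json)."""
import json
import re
import tempfile
from pathlib import Path

# Hypothetical minimum-version policy. The versions come from the report above
# (0.0.201 pinned, 0.0.213 latest); the policy itself is an assumption.
MIN_VERSIONS = {"solady": "0.0.213"}

# Matches the "path = lib/<dep>" entries of a .gitmodules file, one per line.
SUBMODULE_PATH_RE = re.compile(r"^\s*path\s*=\s*(.+?)\s*$", re.M)


def parse_version(v):
    """'0.0.213' -> (0, 0, 213); a leading 'v' is tolerated."""
    return tuple(int(x) for x in v.lstrip("v").split("."))


def compare_versions(a, b):
    """Return -1, 0 or 1 as a <, ==, > b (numeric, dotted components)."""
    pa, pb = parse_version(a), parse_version(b)
    return (pa > pb) - (pa < pb)


def submodule_paths(gitmodules_text):
    """Relative paths of all submodules declared in a .gitmodules file."""
    return SUBMODULE_PATH_RE.findall(gitmodules_text)


def package_version(submodule_dir):
    """Version string from <submodule>/package.json, or None if there is none."""
    pkg = Path(submodule_dir) / "package.json"
    if not pkg.is_file():
        return None
    return json.loads(pkg.read_text()).get("version")


def audit_submodule_versions(repo_root):
    """Return {dep: (pinned, required)} for every policy dep below its minimum
    (a dep with no readable version is reported with pinned=None)."""
    repo_root = Path(repo_root)
    outdated = {}
    for rel in submodule_paths((repo_root / ".gitmodules").read_text()):
        name = Path(rel).name
        if name not in MIN_VERSIONS:
            continue  # no policy for this dependency
        pinned = package_version(repo_root / rel)
        required = MIN_VERSIONS[name]
        if pinned is None or compare_versions(pinned, required) < 0:
            outdated[name] = (pinned, required)
    return outdated


def build_sample_repo():
    """Constructed sample tree mirroring a Foundry lib/ layout with an old
    Solady pin (this is test data, not the real repository)."""
    root = Path(tempfile.mkdtemp())
    (root / ".gitmodules").write_text(
        '[submodule "lib/solady"]\n\tpath = lib/solady\n'
        "\turl = https://github.com/Vectorized/solady\n"
        '[submodule "lib/forge-std"]\n\tpath = lib/forge-std\n'
        "\turl = https://github.com/foundry-rs/forge-std\n"
    )
    for rel, ver in (("lib/solady", "0.0.201"), ("lib/forge-std", "1.7.0")):
        dep = root / rel
        dep.mkdir(parents=True)
        (dep / "package.json").write_text(json.dumps({"name": Path(rel).name, "version": ver}))
    return root


if __name__ == "__main__":
    for dep, (pinned, required) in audit_submodule_versions(build_sample_repo()).items():
        print(f"{dep}: pinned {pinned}, policy requires >= {required}")
```

Run against a real checkout by calling `audit_submodule_versions(".")` from the repository root; a non-empty result is the finding the report describes. Comparing against a fixed minimum rather than "latest" keeps the check deterministic and offline, which matters in CI, and the minimum should be raised deliberately after reviewing the library's changelog and audit reports rather than tracking the newest tag automatically.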