Description:Description\
In the batchCreateTriple function of the EthMultiVault contract, there's an issue where potential ETH surplus from the division of msg.value by the number of triples is not accounted for or returned to the user. This can lead to small amounts of ETH being trapped in the contract, inaccessible to both users and the protocol.
Attack Scenario\
While not a direct security vulnerability, this issue can lead to the following problems:
Users consistently lose small amounts of ETH when creating multiple triples.
Over time, these small amounts can accumulate in the contract without any mechanism to retrieve them.
In extreme cases with many transactions, the accumulated ETH could become significant.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x45af594e37907786efc19eea5046d4b897518936ba6dc1ee0e011e4b1bfa26dd Severity: high
Description: Description\ In the
batchCreateTriple
function of the EthMultiVault contract, there's an issue where potential ETH surplus from the division ofmsg.value
by the number of triples is not accounted for or returned to the user. This can lead to small amounts of ETH being trapped in the contract, inaccessible to both users and the protocol.Attack Scenario\ While not a direct security vulnerability, this issue can lead to the following problems:
Attachments
Proof of Concept (PoC) File https://github.com/hats-finance/Intuition-0x538dbadc50cc87b281cd655f1edbc6ebda02a66a/blob/b2e422ff0c3e3729e58d2699fdf2ef8699fbd172/src/EthMultiVault.sol#L544-L570
Revised Code File (Optional)