Open hats-bug-reporter[bot] opened 1 week ago
VaultCalculations.sol:

    function _getTokenAmountToMint(
        uint256 _depositRatio,
        uint256 _totalSupply
    ) internal view returns (uint256) {
        uint256 mintAmount = _calculateMintAmount(_depositRatio, _totalSupply);
        if (mintAmount < assetManagementConfig().minPortfolioTokenHoldingAmount()) {
            revert ErrorLibrary.MintedAmountIsNotAccepted();
        }
        return mintAmount;
    }

Github username: --
Twitter username: --
Submission hash (on-chain): 0xcd2f1e1d1a3d3b477279e57b8fe6bd733284aee673508470957631cb5c29e721
Severity: high

Description:
A user depositing less than minPortfolioTokenHoldingAmount, which is 0.01E or equivalent, will be lost since he can't withdraw his tokens, because there is a check in the _beforeWithdrawCheck function.

Attack Scenario
The internal function _multiTokenWithdrawal() has a sanity check, _beforeWithdrawCheck, in place.

The above function reverts if balanceAfterRedemption < minPortfolioTokenHoldingAmount, and the user won't ever be able to withdraw his balance in that case, leading to loss of tokens.

Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
Ensure to put a logic for the minPortfolioTokenHoldingAmount check while depositing the tokens too.