Possible loss of significant Portfolio token value for all users who deposit
Denial of service if totalSupply overflows
Description
The asset manager can decide to seriously inflate the token value of PortfolioToken by setting the initialPortfolioAmount to a very high number at initialization of the vault and then deposit minimal amount of funds to mint these funds to their own address.
VaultManager.sol - _depositAndMint()
function _depositAndMint(
address _depositFor,
uint256 _minMintAmount,
uint256 _depositRatio
) internal {
uint256 _totalSupply = totalSupply();
uint256 tokenAmount;
// If the total supply is zero, this is the first deposit, and tokens are minted based on the initial amount.
if (_totalSupply == 0) {
tokenAmount = assetManagementConfig().initialPortfolioAmount();
// Reset the high watermark to zero if it's not the first deposit.
feeModule().updateHighWaterMark(0);
} else {
// Calculate the amount of portfolio tokens to mint based on the deposit.
tokenAmount = _getTokenAmountToMint(_depositRatio, _totalSupply);
}
// Ensure the minted amount meets the user's minimum expectation to mitigate slippage.
_verifyUserMintedAmount(tokenAmount, _minMintAmount);
// Mint the calculated portfolio tokens to the user, applying any cooldown periods.
tokenAmount = _mintTokenAndSetCooldown(_depositFor, tokenAmount);
uint256 userBalanceAfterDeposit = balanceOf(_depositFor);
// Notify listeners of the deposit event.
emit Deposited(
address(this),
_depositFor,
tokenAmount,
userBalanceAfterDeposit
);
}
This is because there is no upper limit enforced at the PortfolioFactory vault deployment and in updateInitialPortfolioAmount() for the maximum initial portfolio amount.
Recommendation
Consider to introduce a variable maximumInitialPortfolioAmount in ProtocolConfig that and enforce that initialPortfolioAmount is below this in both at portfolio deployment and in updateInitialPortfolioAmount().
Github username: @0xfuje Twitter username: 0xfuje Submission hash (on-chain): 0x6aac67f00d2c3d7d70f3cc7e0a7b6978bb07ad16f5410014feb0e7fa7d956e00 Severity: medium
Description:
Impact
Portfolio
token value for all users who deposittotalSupply
overflowsDescription
The asset manager can decide to seriously inflate the token value of
PortfolioToken
by setting theinitialPortfolioAmount
to a very high number at initialization of the vault and then deposit minimal amount of funds to mint these funds to their own address.VaultManager.sol
-_depositAndMint()
This is because there is no upper limit enforced at the
PortfolioFactory
vault deployment and inupdateInitialPortfolioAmount()
for the maximum initial portfolio amount.Recommendation
Consider to introduce a variable
maximumInitialPortfolioAmount
inProtocolConfig
that and enforce thatinitialPortfolioAmount
is below this in both at portfolio deployment and inupdateInitialPortfolioAmount()
.