Curve mess up is posssible that leads to deposit function blocked
Summary
It's possible that the multiplier for deposited tokens will be calculated incorrectly when curves values are not validated and will be not possible to deposit.
Vulnerability Detail
When user deposits token then some multiplier is calculated to know the amount of share tokens to be minted. This multiplier is calculated here and it uses state variable curve inside.
It's possible that curve values will be provided in wrong order, because there is no validation nor in the constructor nor in the setter that curve[i+1] > curve[i]. There is only check that curve[i] is not bigger than maxBonus.
In case if curve[i+1] > curve[i] then this line in multiplier calculation function will revert with underflow error.
So depositing is not possible anymore.
Impact
Calculation of share tokens can be broken.
Code Snippet
Provided above
Tool used
Manual Review
Recommendation
Do validation of curve array elements, so curve[i+1] > curve[i].
rvierdiiev
medium
Curve mess up is posssible that leads to deposit function blocked
Summary
It's possible that the multiplier for deposited tokens will be calculated incorrectly when curves values are not validated and will be not possible to deposit.
Vulnerability Detail
When user deposits token then some multiplier is calculated to know the amount of share tokens to be minted. This multiplier is calculated here and it uses state variable
curveinside.It's possible that curve values will be provided in wrong order, because there is no validation nor in the constructor nor in the setter that
curve[i+1] > curve[i]. There is only check thatcurve[i]is not bigger thanmaxBonus.In case if
curve[i+1] > curve[i]then this line in multiplier calculation function will revert with underflow error. So depositing is not possible anymore.Impact
Calculation of share tokens can be broken.
Code Snippet
Provided above
Tool used
Manual Review
Recommendation
Do validation of curve array elements, so
curve[i+1] > curve[i].Duplicate of #111