search

sherlock-audit / 2023-01-derby-judging

4 stars 1 forks source link

Avci - wrong check can cause users unable to deposti after some amount e.g. user wants to deposit max but cannot after certain amount cannot #402

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Avci

medium

wrong check can cause users unable to deposti after some amount e.g. user wants to deposit max but cannot after certain amount cannot

Summary

the wrong check can cause users unable to deposit after some amount e.g. user wants to deposit max but cannot after a certain amount cannot

Vulnerability Detail


      require(_amount + balanceSender <= maxTrainingDeposit);

for example, user wants to deposit in main value contract, if users balance was equal or near to max amount with plus the amount of the deposit will cause user not to pass require a check and cannot deposit.

Impact

will cause user not to pass require a check and cannot deposit.

Code Snippet

function deposit(
    uint256 _amount,
    address _receiver
  ) external nonReentrant onlyWhenVaultIsOn returns (uint256 shares) {
    if (training) {
      require(whitelist[msg.sender]);
      uint256 balanceSender = (balanceOf(msg.sender) * exchangeRate) / (10 ** decimals());
      require(_amount + balanceSender <= maxTrainingDeposit);
    }

    uint256 balanceBefore = getVaultBalance() - reservedFunds;
    vaultCurrency.safeTransferFrom(msg.sender, address(this), _amount);
    uint256 balanceAfter = getVaultBalance() - reservedFunds;

    uint256 amount = balanceAfter - balanceBefore;
    shares = (amount * (10 ** decimals())) / exchangeRate;

    _mint(_receiver, shares);
  }

https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L113

Tool used

Manual Review

Recommendation

consider modifying the logic of function that the amount should not sum to balance of sender