Jaraxxus - BalanceVault is not EIP-4626 compliant

[sherlock-admin]

Jaraxxus

medium

BalanceVault is not EIP-4626 compliant

Summary

Other protocols that integrate with Perennial may wrongly assume that the functions are EIP-4626 compliant. Thus, it might cause integration problems in the future that can lead to wide range of issues for both parties.

Vulnerability Detail

Shares are not mintable or burnable as it does not inherit the ERC20 mint/burn functions.

The following functions are missing but should be present:

1. mint(uint256, address) returns (uint256)
2. withdraw(uint256, address, address) returns (uint256)
3. previewDeposit(uint assets) returns (uint shares)
4. previewMint(uint shares) returns (uint assets)
5. previewWithdraw(uint assets) returns (uint shares)
6. previewRedeem(uint shares) returns (uint assets)

The following functions should return 0 when their respective functions are disabled:

1. maxDeposit
2. maxRedeem

    function maxDeposit(address) external view returns (UFixed18) {
        (EpochContext memory context, ) = _loadContextForRead(address(0));
        return _maxDepositAtEpoch(context);
    }

    /**
     * @notice The maximum available redeemable amount
     * @dev Only exact when vault is synced, otherwise approximate
     * @param account The account to redeem for
     * @return Maximum available redeemable amount
     */
    function maxRedeem(address account) external view returns (UFixed18) {
        (EpochContext memory context, EpochContext memory accountContext) = _loadContextForRead(account);
        return _maxRedeemAtEpoch(context, accountContext, account);
    }

Impact

Protocol is not EIP-4626 compliant

Code Snippet

https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial-vaults/contracts/balanced/BalancedVault.sol#L11-L859

Tool used

Manual Review

Recommendation

All functions listed above should be modified to meet the specifications of EIP-4626.

Duplicate of #148