Closed sherlock-admin2 closed 4 months ago
Escalate
This issue should be considered high severity.
ArrakisPublicVaultRouter.addLiquidity() will be reverted almost 100%. So, depositing through ArrakisPublicVaultRouter is almost impossible, which is a break of core functionality.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Main report of this family #54 is also escalated to increase severity, and as of now, I'm planning to accept it, hence all the duplicates of it (including this report) will be upgraded to high severity as well, so this escalation will be rejected.
Advice for future, if you want to increase severity or invalidate the entire family, it's better to escalate the main report. If you believe one of the duplicates is not a separate issue, then escalate that specific report.
Result: Medium Duplicate of #54
whitehair0330
high
ArrakisPublicVaultRouter.addLiquidity() function can frequently revert due to rounding errors.
Summary
In the adding liquidity functions, the deposited amounts of token0 and token1 are calculated twice. Because of the rounding error, these amounts have different values from each other. So, ArrakisPublicVaultRouter.addLiquidity() function will revert very often.
Vulnerability Detail
In L139 of the ArrakisPublicVaultRouter.addLiquidity() function, the received amounts of shares and the deposited amounts of tokens are calculated by using the _getMintAmounts() function.
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisPublicVaultRouter.sol#L122-L191
After transferring tokens from msg.sender to itself, IArrakisMetaVaultPublic(vault_).mint() is called.
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisPublicVaultRouter.sol#L869-L901
In the ArrakisMetaVaultPublic.mint() function, the proportion of the minted shares is calculated.
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultPublic.sol#L51-L74
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultPublic.sol#L137-L154
And, the amounts of tokens are calculated, which are transferred from ArrakisPublicVaultRouter to alm.
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/modules/ValantisHOTModulePublic.sol#L35-L96
However, these amounts can be larger than the amounts calculated in the _getMintAmounts() function.
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisPublicVaultRouter.sol#L1194-L1234
The amount calculated in the ArrakisPublicVaultRouter._getMintAmounts() function is:
allowedAmount = (amount0 * BASE / reserve0) * reserve0 / BASE;
The amount calculated in the ValantisHOTModulePublic.deposit() function is:
shares = (amount0 * BASE / supply) * reserve0 / BASE;
transferredAmount = roundingUp((roundingUp(shares * BASE / supply) * reserve0 / BASE));
transferredAmount is smaller than allowedAmount very often due to rounding errors, thus ArrakisPublicVaultRouter.addLiquidity() will be reverted.
For example: Assume that amount0 = 1000, reserve0 = 1e18 + 1, supply = 1e18. Then allowedAmount = 999, transferredAmount = 1000. So, transferredAmount > allowedAmount, which results in reverting.
Impact
All functions adding liquidity such as addLiquidity() and swapAndAddLiquidity() can frequently revert due to rounding errors.
Code Snippet
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisPublicVaultRouter.sol#L122-L191
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisPublicVaultRouter.sol#L869-L901
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultPublic.sol#L51-L74
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/modules/ValantisHOTModulePublic.sol#L35-L96
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisPublicVaultRouter.sol#L1194-L1234
Tool used
Manual Review
Recommendation
The ArrakisPublicVaultRouter._getMintAmounts() function should be modified to return correct needed amounts for minting.
Duplicate of #54
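A model of the mismatch this report describes, added here as an example and not taken from the Arrakis code base: exact-integer Python that reproduces the report's numbers (allowedAmount = 999, transferredAmount = 1000) and then goes further by sweeping deposit sizes to count how many would revert. Assumptions: BASE = 1e18, shares derived as proportion * supply / BASE rounded down, and all function names; consistent_quote is a hypothetical shape for the recommendation, not the project's fix.

```python
BASE = 10**18  # assumed fixed-point scale; the report does not state its value

def mul_div(a, b, d):
    """floor(a * b / d): a round-down multiply-divide."""
    return a * b // d

def mul_div_up(a, b, d):
    """ceil(a * b / d): the report's roundingUp()."""
    return -(-(a * b) // d)

def router_quote(amount0, reserve0, supply):
    """Router side, all rounding down. Returns (shares, allowedAmount)."""
    proportion = mul_div(amount0, BASE, reserve0)
    allowed = mul_div(proportion, reserve0, BASE)
    shares = mul_div(proportion, supply, BASE)  # assumed share derivation
    return shares, allowed

def module_pull(shares, reserve0, supply):
    """Vault/module side: proportion and token amount both round up."""
    proportion = mul_div_up(shares, BASE, supply)
    return mul_div_up(proportion, reserve0, BASE)

def reverts(amount0, reserve0, supply):
    """True when the module asks for more tokens than the router quoted."""
    shares, allowed = router_quote(amount0, reserve0, supply)
    return module_pull(shares, reserve0, supply) > allowed

def revert_count(amounts, reserve0, supply):
    """Number of deposit sizes in `amounts` that hit the mismatch."""
    return sum(reverts(a, reserve0, supply) for a in amounts)

def consistent_quote(amount0, reserve0, supply):
    """Hypothetical remedy: quote the token amount with the module's rounding."""
    shares, _ = router_quote(amount0, reserve0, supply)
    return shares, module_pull(shares, reserve0, supply)

if __name__ == "__main__":
    r0, s = 10**18 + 1, 10**18  # pool state from the report's example
    print("quote (shares, allowed):", router_quote(1000, r0, s))
    print("module pulls:", module_pull(999, r0, s))
    print(revert_count(range(1, 2001), r0, s), "of 2000 deposit sizes revert")
    print("consistent quote:", consistent_quote(1000, r0, s))
```

With reserve0 equal to supply the two paths agree and nothing reverts; a single wei of drift between them is enough to trigger the mismatch for every deposit that mints at least one share.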