search

sherlock-audit / 2024-03-arrakis-judging

2 stars 2 forks source link

0xAadi - Initial depositor has to spend additional amount to mint MINIMUM_LIQUIDITY and it canot be withdrawn #91

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 4 months ago

0xAadi

medium

Initial depositor has to spend additional amount to mint MINIMUM_LIQUIDITY and it canot be withdrawn

Summary

Initial depositor in ArrakisMetaVaultPublic.sol has to spend MINIMUM_LIQUIDITY to mint shares and this MINIMUM_LIQUIDITY is reduced from his shares. And this amount is not able to withdrawn by the depositor.

Vulnerability Detail

The vulnerability lies in the mint function of ArrakisMetaVaultPublic contract

    function mint(
        uint256 shares_,
        address receiver_
    ) external payable returns (uint256 amount0, uint256 amount1) {
        if (shares_ == 0) revert MintZero();
        uint256 supply = totalSupply();

@>      uint256 proportion = FullMath.mulDivRoundingUp(
            shares_, BASE, supply > 0 ? supply : 1 ether
        );

        if (receiver_ == address(0)) revert AddressZero("Receiver");

        if (supply == 0) {
            _mint(address(0), MINIMUM_LIQUIDITY);
            shares_ = shares_ - MINIMUM_LIQUIDITY;
        }

        _mint(receiver_, shares_);

        (amount0, amount1) = _deposit(proportion);

        emit LogMint(shares_, receiver_, amount0, amount1);
    }

https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultPublic.sol#L51C1-L74C6

Here in the above code you can see the proportion is calculated wrongly before minting the MINIMUM_LIQUIDITY. At the time of deposting the propotion the totalSupply will be the MINIMUM_LIQUIDITY. So the prpotion should be calculated after minting the MINIMUM_LIQUIDITY.

And the minting of MINIMUM_LIQUIDITY is added in account of the initial depositor which is wrong mechanism this adds liabilities to the first depositor and propotion is calculated with 1 ether, which make the propostion too small if we comparing the propostion with the second depositor who minting the same shares.

Impact

The initial depositor has to spend additional amount to mint the MINIMUM_LIQUIDITY and its not possible to withdrawn this. And the prpotion is too small comparing to the futual deposits.

Code Snippet

https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultPublic.sol#L66C1-L66C51

Tool used

Manual Review

Recommendation

Update the code like the below snippet.

    function mint(
        uint256 shares_,
        address receiver_
    ) external payable returns (uint256 amount0, uint256 amount1) {
        if (shares_ == 0) revert MintZero();
-       uint256 supply = totalSupply();

-       uint256 proportion = FullMath.mulDivRoundingUp(
            shares_,
            BASE,
            supply > 0 ? supply : 1 ether
        );

        if (receiver_ == address(0)) revert AddressZero("Receiver");

        if (supply == 0) {
            _mint(address(0), MINIMUM_LIQUIDITY);
-           shares_ = shares_ - MINIMUM_LIQUIDITY;
        }
+       uint256 supply = totalSupply();

+       uint256 proportion = FullMath.mulDivRoundingUp(
            shares_,
            BASE,
            supply
        );

        _mint(receiver_, shares_);

        (amount0, amount1) = _deposit(proportion);

        emit LogMint(shares_, receiver_, amount0, amount1);
    }
cu5t0mPeo commented 3 months ago

Intentionally designed.