Deposit of users who are not free from minimum deposit will always revert when the deposit functio is called
Summary
Deposit of users who are not free from minimum deposit will always revert when the deposit functio is called
Vulnerability Detail
In the deposit function, it calls the _validateAmountUsdIn function when users are not free from minimum deposit.
Now, in the _validateAmountUsdIn function, it checks for the below:
if (totalDeposited[user] != 0) return;
That is, if the user depositing doesn't have 0 amount as totalDeposited, the the deposit function should revert. What this means is that, for every user not exempted from minimum deposit, the user must have 0 as totalDeposited for the mentioned check above to pass. If not, the deposit function would revert.
Impact
It means that all previous authorized users who have more than 0 amount as totalDeposited and are not free from the minimum deposit condition cannot will have their transaction revert when they call the deposit function - despite being authorized to deposit.
Sabit
medium
Deposit of users who are not free from minimum deposit will always revert when the deposit functio is called
Summary
Deposit of users who are not free from minimum deposit will always revert when the deposit functio is called
Vulnerability Detail
In the deposit function, it calls the _validateAmountUsdIn function when users are not free from minimum deposit.
Now, in the _validateAmountUsdIn function, it checks for the below:
if (totalDeposited[user] != 0) return;That is, if the user depositing doesn't have 0 amount as totalDeposited, the the deposit function should revert. What this means is that, for every user not exempted from minimum deposit, the user must have 0 as totalDeposited for the mentioned check above to pass. If not, the deposit function would revert.
Impact
It means that all previous authorized users who have more than 0 amount as totalDeposited and are not free from the minimum deposit condition cannot will have their transaction revert when they call the deposit function - despite being authorized to deposit.
Code Snippet
if (totalDeposited[user] != 0) return;https://github.com/sherlock-audit/2024-05-midas/blob/main/midas-contracts/contracts/DepositVault.sol#L159C6-L159C47
https://github.com/sherlock-audit/2024-05-midas/blob/main/midas-contracts/contracts/DepositVault.sol#L103C4-L105C10
Tool used
Manual Review
Recommendation
The below check should be removed from the _validateAmountUsdIn function:
if (totalDeposited[user] != 0) return;