sherlock-audit / 2024-05-midas-judging


T_F_E - User can be redeemed more tokens than they deposited. #98

Closed sherlock-admin4 closed 6 months ago

sherlock-admin4 commented 6 months ago

T_F_E

high

User can be redeemed more tokens than they deposited.

Summary

Users can redeem more tokens than they deposited. Even users who never deposited can be redeemed rewards. GREENLISTED_ROLE, RESTRICTED

Vulnerability Detail

User A deposits $1,000 worth of USDC. The user's total deposited amount is increased, but when redeeming, there is no internal accounting to prevent the user from redeeming more than they deposited, and thus a malicious GREENLISTED_ROLE can transfer more tokens than the user deposited when redeeming. Similarly, a malicious GREENLISTED_ROLE can transfer tokens to users who didn't deposit at all.

Impact

Loss of funds for the protocol.

Code Snippet

https://github.com/sherlock-audit/2024-05-midas/blob/main/midas-contracts/contracts/RedemptionVault.sol#L61

Tool used

Manual Review

Recommendation

Make use of internal accounting while redeeming.
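As an added illustration (not the Midas RedemptionVault code, which is only linked above): a minimal, hypothetical role-gated vault showing the unchecked redeem path the report describes beside a version that records each user's deposits and refuses to pay out beyond them. The `isGreenlisted` mapping standing in for GREENLISTED_ROLE, the trimmed `IERC20` interface and the function names are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface assumed for this illustration.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault: a privileged greenlisted account executes redemptions.
// Only the per-user accounting differs between the two redeem paths.
contract RedemptionVaultExample {
    IERC20 public immutable usdc;
    mapping(address => bool) public isGreenlisted;  // stands in for GREENLISTED_ROLE
    mapping(address => uint256) public deposited;   // per-user internal accounting

    error NotGreenlisted();
    error ExceedsDeposit(uint256 requested, uint256 available);

    constructor(IERC20 _usdc) { usdc = _usdc; }

    modifier onlyGreenlisted() {
        if (!isGreenlisted[msg.sender]) revert NotGreenlisted();
        _;
    }

    // Deposit is the only place the per-user balance grows.
    function deposit(uint256 amount) external {
        deposited[msg.sender] += amount;
        require(usdc.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    // Pattern the report describes: nothing ties `amount` to what `user`
    // deposited, so a greenlisted account can pay out any amount to any
    // address, including one that never deposited.
    function redeemUnchecked(address user, uint256 amount) external onlyGreenlisted {
        require(usdc.transfer(user, amount), "transfer failed");
    }

    // Hardened form: the payout is bounded by the user's recorded deposit and
    // the record is reduced before the transfer (checks-effects-interactions),
    // so neither over-redemption nor payouts to non-depositors can pass.
    function redeem(address user, uint256 amount) external onlyGreenlisted {
        uint256 available = deposited[user];
        if (amount > available) revert ExceedsDeposit(amount, available);
        deposited[user] = available - amount;
        require(usdc.transfer(user, amount), "transfer failed");
    }
}
```

A regression test for the fix would call `redeem` for an address with `deposited == 0` and for an amount one unit above a depositor's balance, expecting `ExceedsDeposit` in both cases.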