There are no explicit checks mentioned here checking whether boostAmount can be greater than depositAmount.The vulnerability lies in the fact the deposit ensures a check whether boostAmount can never be greater than deposit amount.
function _deposit(uint256 _pid, uint256 _depositAmount, uint256 _boostAmount) internal {
if (isFarmingEnded()) {
revert FarmingIsEnded();
}
if (_depositAmount == 0) {
revert InvalidDeposit();
}
if (_boostAmount > _depositAmount) {
revert BoostTooHigh(_depositAmount);
}
However such a check is absent in the withdraw function which can cause an invariant break.
Impact
would drive system to a state where the boostamount would be greater than deposit amount causing users fund loss.
0xblack_bird
medium
Withdraw
lacks proper checks ,resulting in unexpected stateSummary
withdraw
function doesnt check if Boost amount can be greater than deposit amount during withdrawal,resulting in system being in an unexpected state.Vulnerability Detail
In
withdrawal
functionThere are no explicit checks mentioned here checking whether boostAmount can be greater than depositAmount.The vulnerability lies in the fact the
deposit
ensures a check whether boostAmount can never be greater than deposit amount.However such a check is absent in the
withdraw
function which can cause an invariant break.Impact
would drive system to a state where the boostamount would be greater than deposit amount causing users fund loss.
Code Snippet
https://github.com/sherlock-audit/2024-05-sophon/blob/main/farming-contracts/contracts/farm/SophonFarming.sol#L699C3-L743C1
Tool used
Manual Review
Recommendation
ensure proper checks in the
withdraw
to ensure deposit should be always greater than boostAmount