minDepositAmount is compared against a wrong variable #487
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-486
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626-Cloned.sol#L27
https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626-Cloned.sol#L43
Vulnerability details
The following `require` statement in `deposit` of ERC4626-Cloned.sol is ensuring `shares` is greater than `minDepositAmount()`, even though it should be ensuring `assets > minDepositAmount()` (like how it’s done in the `mint` method).
Impact
An unexpected amount of `assets` can be deposited; or a valid amount of `assets` cannot be deposited.
Proof of Concept
See the attached links.
Tools Used
Manual analysis
Recommended Mitigation Steps
Fix the require statement with the right invariant.
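The mismatch described above, as an added illustration that is not code from the Astaria repository or from this report: a minimal share-accounting sketch with the flawed check beside the corrected one. The contract name, the floor of 100, the revert strings and the `setState` helper are assumptions made for the example, and token transfers are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Illustrative sketch only: share accounting without token transfers.
contract MinDepositSketch {
    uint256 public totalAssets; // assets held by the vault
    uint256 public totalSupply; // shares outstanding
    mapping(address => uint256) public balanceOf;

    // Assumed constant floor, denominated in ASSETS.
    function minDepositAmount() public pure returns (uint256) {
        return 100;
    }

    // Hypothetical helper to put the vault at a chosen assets:shares ratio.
    function setState(uint256 assets, uint256 shares) external {
        totalAssets = assets;
        totalSupply = shares;
    }

    // Rounds down, as ERC-4626 deposit previews do.
    function previewDeposit(uint256 assets) public view returns (uint256) {
        return totalSupply == 0 ? assets : (assets * totalSupply) / totalAssets;
    }

    // Pattern described in the report: the floor is compared against shares.
    function depositFlawed(uint256 assets, address receiver) external returns (uint256 shares) {
        shares = previewDeposit(assets);
        require(shares > minDepositAmount(), "VALUE_TOO_SMALL");
        _credit(assets, shares, receiver);
    }

    // Corrected invariant: the floor is compared against assets, as in mint.
    function depositFixed(uint256 assets, address receiver) external returns (uint256 shares) {
        require(assets > minDepositAmount(), "VALUE_TOO_SMALL");
        shares = previewDeposit(assets);
        require(shares != 0, "ZERO_SHARES");
        _credit(assets, shares, receiver);
    }

    function _credit(uint256 assets, uint256 shares, address receiver) private {
        totalAssets += assets;
        totalSupply += shares;
        balanceOf[receiver] += shares;
    }
}
```

After `setState(2000, 1000)` a deposit of 150 assets previews to 75 shares, so `depositFlawed` reverts although 150 is above the floor; after `setState(1000, 2000)` a deposit of 60 assets previews to 120 shares, so `depositFlawed` accepts it although 60 is below the floor. `depositFixed` accepts the first and rejects the second.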