Improper design results in large minimum deposit requirement for high-value tokens, preventing most investors #523
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-367
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/PublicVault.sol#L96-L108
Vulnerability details
Impact
If the asset is WBTC, under the current design the minDepositAmount will be 0.1 WBTC, valued at more than 2000 US dollars, which is an excessively high minimum single investment amount for most investors, seriously affecting the efficiency of fundraising investment.
Proof of Concept
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/PublicVault.sol#L96-L108
WBTC decimals is 8, so minDepositAmount() for WBTC will be 10**7 wei, worth more than 2000 USD.
Recommended Mitigation Steps
Consider adding a storage variable minDepositAmount in VIData, and let the owner set it.
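A sketch of the recommended mitigation, added here as an illustration; it is not code from the report or from Astaria's PublicVault. The contract name, function names, errors and the one-whole-token upper bound on the setting are all assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration only. Every identifier below is hypothetical.
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

contract ConfigurableMinDeposit {
    address public immutable owner;
    address public asset;
    // Minimum deposit in the asset's smallest unit, set per vault instead of
    // being derived from the token's decimals (e.g. 10**7 for 8-decimal WBTC).
    uint256 public minDepositAmount;

    error NotOwner();
    error MinDepositTooHigh(uint256 requested, uint256 cap);
    error DepositBelowMinimum(uint256 assets, uint256 minimum);

    event MinDepositAmountSet(uint256 previous, uint256 current);

    constructor(address asset_, uint256 initialMin) {
        owner = msg.sender;
        asset = asset_;
        _setMin(initialMin);
    }

    function setMinDepositAmount(uint256 newMin) external {
        if (msg.sender != owner) revert NotOwner();
        _setMin(newMin);
    }

    // Assumed safeguard: never allow a minimum above one whole token, so a
    // mistaken setting cannot recreate the barrier described in the report.
    function _setMin(uint256 newMin) internal {
        uint256 cap = uint256(10) ** IERC20Decimals(asset).decimals();
        if (newMin > cap) revert MinDepositTooHigh(newMin, cap);
        emit MinDepositAmountSet(minDepositAmount, newMin);
        minDepositAmount = newMin;
    }

    // A vault's deposit and mint paths would call this before accepting funds.
    function requireMinDeposit(uint256 assets) public view {
        if (assets < minDepositAmount) {
            revert DepositBelowMinimum(assets, minDepositAmount);
        }
    }
}
```

Emitting an event on every change lets depositors and monitoring tools see when the owner adjusts the threshold.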