Vault.sol is not EIP-4626 compliant #260
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-129
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L375
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L383
Vulnerability details
Impact
Based on the provided information, the vault is an ERC-4626 compatible vault.
The functions in Vault.sol, such as maxMint and maxDeposit, do not comply with the requirements of EIP-4626.
Other protocols that integrate with their Vault.sol may wrongly assume that the functions are EIP-4626 compliant. Thus, it might cause integration problems in the future that can lead to wide range of issues for both parties.
Proof of Concept
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L375
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L383
Tools Used
Recommended Mitigation Steps
Check the functions in Vault.sol to ensure they comply with EIP-4626.
Assessed type
ERC4626
The text was updated successfully, but these errors were encountered: