StakedUSDe.sol
violates ERC4626 specification
#222
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
grade-b
low quality report
This report is of especially low quality
primary issue
Highest quality submission among a set of duplicates
Q-75
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDe.sol#L196-L215
https://github.com/code-423n4/2023-10-ethena/blob/main/lib/openzeppelin-contracts/contracts/token/ERC20/extensions/ERC4626.sol#L112-L120
Vulnerability details
Impact
StakedUSDe.sol
does not conform to ERC4626 which may break external integrations.Proof of Concept
ERC-4626 defines the methods
maxDeposit
,maxMint
,maxWithdraw
,maxRedeem
, which take an address as a parameter and return the maximum amount of assets/shares that can be deposited/withdrawn for that address.The ERC-4626: Tokenized Vaults specification says that
maxDeposit
:The same applies analogously for the returned value from
maxMint
,maxWithdraw
, andmaxRedeem
.Deposit/Mint
StakedUSDe.sol
inherits from OpenZeppelin'sERC4626.sol
which implementsmaxDeposit
andmaxMint
to return the valuetype(uint256).max
, which has the special meaning in the spec that there is no limit on the maximum assets/share that can be deposited/minted.However,
StakedUSDe.sol
overrides the OZ ERC4626_deposit
function and restrictions during depositing and minting (Github link).If the receiver is restricted with the
SOFT_RESTRICTED_STAKER_ROLE
, then the maximum assets/shares that can be deposited/minted is 0. This would fall under theuser-specific limits
category in the ERC4626 specification.Therefore
maxDeposit
andmaxMint
should return 0 ifreceiver
has roleSOFT_RESTRICTED_STAKER_ROLE
.Withdraw/Redeem
Note that there is not a bug with the implementation of
maxRedeem
andmaxWithdraw
. While_withdraw
may revert if there are restrictions on thecaller
andreceiver
, as far as the spec is concerned, only limits on theonwer
of the assets/shares are considiered. Theowner
can still withdraw/redeem all of their balance.Tools Used
Manual review, ERC-4626: Tokenized Vaults specification
Similar Issues from Previous Contests
Recommended Mitigation Steps
Override the OZ implementation of
maxDeposit
andmaxMint
to reflect the possible restrictions in_deposit
:Assessed type
ERC4626
The text was updated successfully, but these errors were encountered: