Closed
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value; 🤖_08_group: AI based duplicate group recommendation; bug: Something isn't working; duplicate-29; satisfactory: satisfies C4 submission criteria, eligible for awards
Description
Lines of code
https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/Vault.sol#L214
Vulnerability details
Proof of Concept
Users are restricted from depositing more than settings().getMaxDepositInETH() into the Vault.
To check how much a user has deposited, the contract sums msg.value + currentDepositedValue.
To value the user's current position in ETH, it calls _tokenPerETH(maxPriceAge).
https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/Vault.sol#L334-L340
```solidity
function _tokenPerETH(uint256 priceMaxAge) internal view returns (uint256) {
    uint256 position = _totalAssets(priceMaxAge);
    if (totalSupply() == 0 || position == 0) {
        return 1 ether;
    }
    return (totalSupply() * 1 ether) / position;
}
```
This function returns how many Vault tokens correspond to 1 ETH (tokens per ETH), but what the max deposit check needs is the inverse: how much ETH 1 Vault token is worth (ETH per token).
As a result, the max deposit check works incorrectly.
Impact
The max deposit check works incorrectly.
Tools Used
VsCode
Recommended Mitigation Steps
Use 1/_tokenPerETH() (ETH per Vault token) as the Vault token price when converting the user's balance to ETH.
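Added example (Python, not BakerFi's code) that models the unit mix-up in the Proof of Concept and the mitigation above: token_per_eth mirrors the _tokenPerETH snippet, while the faulty conversion, the scenario values and the helper names are assumptions used to show how the check misfires in both directions.

```python
# Added example, not BakerFi code: a Python model of the unit mix-up described above.
WAD = 10**18  # 18-decimal fixed point, like Solidity's 1 ether

def token_per_eth(total_supply: int, position: int) -> int:
    """Mirror of Vault._tokenPerETH: vault tokens received per 1 ETH."""
    if total_supply == 0 or position == 0:
        return WAD
    return total_supply * WAD // position

def eth_per_token(total_supply: int, position: int) -> int:
    """The recommended mitigation: invert the rate to get ETH per 1 vault token.
    In fixed point, 1 / rate is WAD * WAD // rate (a bare 1 // rate would truncate to 0)."""
    return WAD * WAD // token_per_eth(total_supply, position)

def deposited_eth_buggy(balance: int, total_supply: int, position: int) -> int:
    """Assumed faulty conversion: multiplies a token balance by tokens-per-ETH,
    which only yields ETH when the share price happens to be exactly 1 ETH."""
    return balance * token_per_eth(total_supply, position) // WAD

def deposited_eth_fixed(balance: int, total_supply: int, position: int) -> int:
    """Correct conversion: token balance times ETH-per-token."""
    return balance * eth_per_token(total_supply, position) // WAD

def max_deposit_ok(current_deposited_eth: int, msg_value: int, max_deposit_eth: int) -> bool:
    """The check described in the finding: msg.value + current deposit must stay within the cap."""
    return current_deposited_eth + msg_value <= max_deposit_eth

# Constructed scenario: 100 vault tokens back 200 ETH, so one token is worth 2 ETH.
SUPPLY, POSITION = 100 * WAD, 200 * WAD
BALANCE, MSG_VALUE, CAP = 5 * WAD, 5 * WAD, 12 * WAD  # user holds 5 tokens (= 10 ETH)

def compare() -> dict:
    """Value the same position both ways and run the cap check on each result."""
    buggy = deposited_eth_buggy(BALANCE, SUPPLY, POSITION)  # 2.5 ETH: understated 4x
    fixed = deposited_eth_fixed(BALANCE, SUPPLY, POSITION)  # 10 ETH
    return {
        "buggy_eth": buggy,
        "fixed_eth": fixed,
        "buggy_allows": max_deposit_ok(buggy, MSG_VALUE, CAP),  # True: cap not enforced
        "fixed_allows": max_deposit_ok(fixed, MSG_VALUE, CAP),  # False: 15 ETH > 12 ETH
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value if isinstance(value, bool) else value / WAD)
```

When the share price is below 1 ETH (position smaller than total supply) the error flips: the buggy value overstates the deposit and rejects deposits that should pass, which is the availability side of the impact.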
Assessed type
Error