This repository has been archived by the owner on Mar 3, 2024. It is now read-only.
0x3b - LMPVaultRouterBase will charge a user 2x the deposit amount #188
Comments
github-actions
bot
added
High
sherlock-admin2
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
0x3b
high
LMPVaultRouterBase will charge a user 2x the deposit amount
Summary
If a user uses ETH to mint/deposit in LMPVaultRouterBase, it will pull 2x the deposit amount from the user, while supplying him with 1x the tokens.
Vulnerability Detail
When using ETH in LMPVaultRouter to mint or deposit (bolt are in LMPVaultRouterBase) it first pulls the ETH into the contract and then pulls the baseAsset (ex. WETH) with PeripheryPayments, where recipient is
address(this)and from ismsg.sender. However as you can see firstly ETH is pulled from this user and then WETH.Impact
User is charged 2x if he uses ETH to funds the Vault.
Code Snippet
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVaultRouterBase.sol#L23-L57
Tool used
Manual Review
Recommendation
Either remove the ETH method or make it in a way so that it pull the WETH from the contract.
Duplicate of #1
The text was updated successfully, but these errors were encountered: