This repository has been archived by the owner on Mar 3, 2024. It is now read-only.
sherlock-admin opened this issue on Aug 29, 2023 · 1 comment
Labels: Duplicate (A valid issue that is a duplicate of an issue with `Has Duplicates` label), Medium (A valid Medium severity issue), Reward (A payout will be made for this issue)
1 comment(s) were left on this issue during the judging contest.
Trumpero commented:
invalid, non-compliance with ERC-4626 won't incur any problems for Tokemak
sherlock-admin2 changed the title from "Blunt Inky Yeti - LMPVault.sol is not EIP-4626 compliant" to "0xSurena - LMPVault.sol is not EIP-4626 compliant" on Oct 3, 2023
sherlock-admin2 added the Duplicate label (A valid issue that is a duplicate of an issue with `Has Duplicates` label) and removed the Excluded label (Excluded by the judge without consulting the protocol or the senior) on Oct 31, 2023
0xSurena
medium
LMPVault.sol is not EIP-4626 compliant
Summary
The LMPVault.sol should be 4626 compatible, but the returned value from the LMPVault.sol.redeem function is not the same as the returned value from the LMPVault.sol.previewRedeem function.
Vulnerability Detail
Based on the project document, the LMPVault.sol contract is expected to comply with EIP ERC-4626. But because in the process of removing liquidity from a project like Curve Finance the user suffers some loss, and this loss is not shown in previewRedeem, the assets amount received from redeem is always less than the asset amount shown from previewRedeem.
All official EIP-4626 requirements can be found on its official page. Based on the ERC-4626 document, redeem should return the same or more assets as previewRedeem if called in the same transaction.
But in the LMPVault.sol, as I mentioned above, because in the process of removing liquidity from a project like Curve Finance the user suffers some loss, in the same transaction the returned value from the LMPVault.sol.redeem function will not be the same as the returned value from the LMPVault.sol.previewRedeem function.
Another problem is that the LMPVault.sol.withdraw method will not work at all, because actualAssets will always be lower than assets. For example, when you remove liquidity from Curve, there is some loss in the transaction.
Impact
Other protocols that integrate with Tokemak may wrongly assume that the functions are EIP-4626 compliant. Thus, it might cause integration problems in the future that can lead to a wide range of issues for both parties.
Code Snippet
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L422
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L372
Tool used
Manual Review
Recommendation
All functions mentioned above should be modified to meet the specifications of EIP-4626
Duplicate of #577
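As an added illustration (a constructed model, not Tokemak's LMPVault code and not the reporter's), the following Python models a vault whose only destination loses a fixed fraction on liquidity removal and checks the two EIP-4626 properties the report relies on: redeem must return at least previewRedeem in the same transaction, and a withdraw must actually deliver the requested assets. The vault state, the 0.30% exit loss, and all method names are assumptions.

```python
from dataclasses import dataclass

BPS = 10_000  # basis-point scale for the exit-loss rate

def ceil_div(a: int, b: int) -> int:
    return -(-a // b)  # integer division rounding up (mulDivUp-style)

@dataclass
class Vault:
    """Constructed 4626-style vault over one hypothetical Curve-like destination that
    loses exit_loss_bps on removal; loss_aware=False models the reported behaviour."""
    total_assets: int
    total_shares: int
    exit_loss_bps: int
    loss_aware: bool

    def remove_liquidity(self, assets: int) -> int:  # destination exit, net of loss
        return assets * (BPS - self.exit_loss_bps) // BPS

    def convert_to_assets(self, shares: int) -> int:
        return shares * self.total_assets // self.total_shares  # rounds down

    def preview_redeem(self, shares: int) -> int:
        assets = self.convert_to_assets(shares)
        # A compliant preview applies the same exit-loss arithmetic redeem() will.
        return self.remove_liquidity(assets) if self.loss_aware else assets

    def redeem(self, shares: int) -> int:
        assets = self.convert_to_assets(shares)
        self.total_assets -= assets
        self.total_shares -= shares
        return self.remove_liquidity(assets)  # what the user actually receives

    def preview_withdraw(self, assets: int) -> int:
        # A compliant preview grosses the request up so the net amount still covers it.
        gross = ceil_div(assets * BPS, BPS - self.exit_loss_bps) if self.loss_aware else assets
        return ceil_div(gross * self.total_shares, self.total_assets)  # shares, rounded up

def make_vault(loss_aware: bool) -> Vault:
    """Constructed sample state: 1,000,000 assets, 800,000 shares, 0.30% exit loss."""
    return Vault(1_000_000, 800_000, 30, loss_aware)

def preview_invariant_holds(vault: Vault, shares: int) -> bool:
    """EIP-4626 check: redeem() in the same tx must return >= previewRedeem()."""
    previewed = vault.preview_redeem(shares)
    return vault.redeem(shares) >= previewed

def withdraw_delivers(vault: Vault, assets: int) -> bool:
    """actualAssets >= assets; False is the 'withdraw will not work' case the issue describes."""
    return vault.redeem(vault.preview_withdraw(assets)) >= assets
```

The loss-aware variant passes only because its previews reproduce the exit-loss arithmetic of the redeem path (rounding shares up in previewWithdraw), which is the direction a compliant fix has to take.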