This repository has been archived by the owner on Mar 3, 2024. It is now read-only.

0xSurena - LMPVault.sol is not EIP-4626 compliant #202

Closed
sherlock-admin opened this issue Aug 29, 2023 · 1 comment
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin

sherlock-admin commented Aug 29, 2023

0xSurena

medium

LMPVault.sol is not EIP-4626 compliant

Summary

LMPVault.sol should be 4626 compatible, but the value returned from the LMPVault.sol.redeem function is not the same as the value returned from the LMPVault.sol.previewRedeem function.

Vulnerability Detail

Based on the project document, the LMPVault.sol contract is expected to comply with EIP ERC-4626. But in the process of removing liquidity from a project like Curve Finance, the user suffers some loss, and this loss is not shown in previewRedeem. So the asset amount received from redeem is always less than the asset amount shown by previewRedeem.

All official EIP-4626 requirements can be found on its official page. Based on the ERC-4626 document, redeem should return the same or more assets as previewRedeem if called in the same transaction.

But in LMPVault.sol, as I mentioned above, in the process of removing liquidity from a project like Curve Finance, the user suffers some loss. So in the same transaction, the value returned from the LMPVault.sol.redeem function will not be the same as the value returned from the LMPVault.sol.previewRedeem function.

Another problem is that the LMPVault.sol.withdraw method will not work at all, because actualAssets will always be lower than assets. For example, when you remove liquidity from Curve, there is some loss in the transaction.

Impact

Other protocols that integrate with Tokemak may wrongly assume that the functions are EIP-4626 compliant. Thus, it might cause integration problems in the future that can lead to a wide range of issues for both parties.

Code Snippet

https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L422
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L372

Tool used

Manual Review

Recommendation

All functions mentioned above should be modified to meet the specifications of EIP-4626

Duplicate of #577
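
The same-transaction rule cited in the report (redeem returns the same or more assets than previewRedeem) can be checked on the integrator side instead of assumed. The contract below is an added example, not code from Tokemak or from the report; `RedeemGuard`, `_checkedRedeem`, the error names and the trimmed interfaces are hypothetical names chosen for illustration, and it assumes the calling contract itself holds the vault shares.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal subsets of the ERC-20 and ERC-4626 interfaces used by the guard.
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
}

interface IERC4626Min {
    function asset() external view returns (address);
    function previewRedeem(uint256 shares) external view returns (uint256 assets);
    function redeem(uint256 shares, address receiver, address owner) external returns (uint256 assets);
}

// Hypothetical integrator-side guard (names are illustrative, not from the audited code).
// The inheriting contract must hold the shares it redeems, so no allowance is needed.
abstract contract RedeemGuard {
    error RedeemBelowPreview(uint256 previewed, uint256 returned);
    error ReceivedBelowReported(uint256 reported, uint256 received);

    function _checkedRedeem(IERC4626Min vault, uint256 shares) internal returns (uint256 received) {
        IERC20Min token = IERC20Min(vault.asset());

        // Quote taken in the same transaction as the redeem call.
        uint256 previewed = vault.previewRedeem(shares);
        uint256 balanceBefore = token.balanceOf(address(this));

        uint256 returned = vault.redeem(shares, address(this), address(this));
        // Measure what actually arrived rather than trusting the return value.
        received = token.balanceOf(address(this)) - balanceBefore;

        // The vault returned fewer assets than it quoted, e.g. a withdrawal
        // loss that previewRedeem did not account for.
        if (returned < previewed) revert RedeemBelowPreview(previewed, returned);
        // The vault reported more assets than were transferred.
        if (received < returned) revert ReceivedBelowReported(returned, received);
    }
}
```

Against a vault that behaves as the report describes, `_checkedRedeem` reverts with `RedeemBelowPreview`, so the mismatch surfaces at the call site rather than in the integrator's later accounting.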

@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Sep 11, 2023
@sherlock-admin2

1 comment(s) were left on this issue during the judging contest.

Trumpero commented:

invalid, no compliance to ERC466 won't incur any problems for the tokemak

@sherlock-admin2 sherlock-admin2 changed the title Blunt Inky Yeti - LMPVault.sol is not EIP-4626 compliant 0xSurena - LMPVault.sol is not EIP-4626 compliant Oct 3, 2023
@sherlock-admin2 sherlock-admin2 added the Non-Reward This issue will not receive a payout label Oct 3, 2023
@Evert0x Evert0x added the Medium A valid Medium severity issue label Oct 30, 2023
@sherlock-admin sherlock-admin added Reward A payout will be made for this issue and removed Non-Reward This issue will not receive a payout labels Oct 30, 2023
@sherlock-admin2 sherlock-admin2 added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label and removed Excluded Excluded by the judge without consulting the protocol or the senior labels Oct 31, 2023