-
Notifications
You must be signed in to change notification settings - Fork 8
xiaoming90 - previewRedeem
and redeem
functions deviate from the ERC4626 specification
#577
Comments
1 comment(s) were left on this issue during the judging contest. Trumpero commented:
|
previewRedeem
and redeem
functions deviate from the ERC4626 specificationpreviewRedeem
and redeem
functions deviate from the ERC4626 specification
Escalate I have confirmed with the protocol team that they anticipate external parties integrating directly with the LMPVault (e.g., vault shares as collateral), as shown below. The router is not applicable in the context of this issue, as ERC4626 is strictly applied to the LMPVault only. Per the judging docs, the issue will be considered as valid if there is external integrations.
Also, the contest page explicitly mentioned that the
In this case, non-conforming to ERC4626 is a valid Medium. |
You've created a valid escalation! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final. |
You've created a valid escalation! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final. |
I thought the EIP complicance issue is valid low in sherlock |
https://docs.sherlock.xyz/audits/judging/judging
|
#656 shows how deposit function reverts under certain conditions due to maxDeposit not being eip compliant, I think that will be a genuine problem for external integrators. I think this escalations result should also be reflected there. |
For this contest, it was explicitly mentioned in the contest page that the
|
I have confirmed with the protocol team that they anticipate external parties integrating directly with the LMPVault (e.g., vault shares as collateral), as shown below. Thus, there are external integrations. |
Exactly, it was explicitly mentioned in the contest page that code/contract expected / should to comply with 4626.
In case of conflict between information in the Contest README vs Sherlock rules, the README overrides Sherlock rules. |
I believe this issue is a low/info issue evidently. Judging docs of Sherlock clearly stated that:
Therefore, it should be an informational issue. The issue must cause a loss of funds (even if unlikely) to be considered as medium
Furthermore, according to Sherlock's judging docs, the external integrations in the future are not considered valid issues:
|
Current opinion is to accept escalation and make issue medium because of the following judging rule.
|
I believe this issue doesn't meet the requirements of a medium issue since it doesn't cause any loss, which is an important requirement to be a valid issue in Sherlock. Even without considering the Sherlock docs about EIP compliance, it only has a low impact, so I don't think it is a valid medium. Historically, the potential risk from a view function has never been accepted as a medium in Sherlock. Additionally, there is no potential loss since users should use the router to redeem, which protects users from any loss by using the minimum redeem amount. |
Disputing this point. Evidence |
The README explicitly stated that |
The core question is, does the README also override the severity classifications? It states that "Sherlock rules for valid issues" are overwritten. But it's unclear if the severity definitions are included in this, especially because the medium/high definitions are stated above this rule. The intention of this sentence is that the protocol can thrive in the context defined by the protocol team. In this case, it's clear that the team states that the Planning to make some changes to the Medium definition and |
Result: |
Escalations have been resolved successfully! Escalation status:
|
Will add #665 #465, #503 and #731 as duplicates as they point out an issue that will make the contract fail to comply with ERC4626. Because See #665 (comment) |
xiaoming90
medium
previewRedeem
andredeem
functions deviate from the ERC4626 specificationSummary
The
previewRedeem
andredeem
functions deviate from the ERC4626 specification. As a result, the caller (internal or external) of thepreviewRedeem
function might receive incorrect information, leading to the wrong decision being executed.Vulnerability Detail
Let the value returned by$asset_{preview}$ and the actual number of assets obtained from calling the $asset_{actual}$ .
previewRedeem
function beredeem
function beThe following specification of
previewRedeem
function is taken from ERC4626 specification:It mentioned that the$asset_{preview} \le asset_{actual}$ .
redeem
should return the same or moreassets
aspreviewRedeem
if called in the same transaction, which means that it must always beHowever, it is possible that the$asset_{preview} > asset_{actual}$ ), thus it does not conform to the specification.
redeem
function might return fewer assets than the number of assets previewed by thepreviewRedeem
(https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L422
Note that the
previewRedeem
function performs its computation based on the cachedtotalDebt
andtotalIdle
, which might not have been updated to reflect the actual on-chain market condition. Thus, these cached values might be higher than expected.Assume that$asset_{preview}$ .
totalIdle
is zero and all WETH has been invested in the destination vaults. Thus,totalAssetsToPull
will be set toIf a DV is making a loss, users could only burn an amount proportional to their ownership of this vault. The code will go through all the DVs in the withdrawal queue ($asset_{preview}$ .
withdrawalQueueLength
) in an attempt to withdraw as many assets as possible. However, it is possible that thetotalAssetsPulled
to be less thanhttps://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L448
Impact
It was understood from the protocol team that they anticipate external parties to integrate directly with the LMPVault (e.g., vault shares as collateral). Thus, the LMPVault must be ERC4626 compliance. Otherwise, the caller (internal or external) of the
previewRedeem
function might receive incorrect information, leading to the wrong action being executed.Code Snippet
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/vault/LMPVault.sol#L422
Tool used
Manual Review
Recommendation
Ensure that$asset_{preview} \le asset_{actual}$ .
Alternatively, document that the
previewRedeem
andredeem
functions deviate from the ERC4626 specification in the comments and/or documentation.The text was updated successfully, but these errors were encountered: