Certain tokens, such as cUSDCv3, treat an 'amount' of type(uint256).max specially in their transfer logic: when a transfer is requested with that value, the sender's entire balance is transferred instead. So if a user holding a dust amount of cUSDCv3 attempts to stake/deposit type(uint256).max in this protocol, the amount actually transferred will be the user's total balance of that token, not type(uint256).max. The staking function will therefore register/queue the stake as type(uint256).max, while in actuality only cUSDCv3.balanceOf(msg.sender) will have been transferred.
function deposit(uint256 _amount) external override onlyVaultController {
    trackedTotalDeposits += SafeCast.toUint128(_amount);
    token.safeTransferFrom(msg.sender, address(this), _amount);
    IERC677(address(token)).transferAndCall(address(stakeController), _amount, "");
}
This can cause serious discrepancies with the protocol's intended logic. To remedy this, add a check that prevents users from passing type(uint256).max as the stake/deposit amount.
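A sketch of that check, as an added example and not the protocol's own code: `SentinelToken` and `GuardedVault` are hypothetical names, and the mock token only models the type(uint256).max behaviour described above. Crediting the measured balance change instead of `_amount` goes beyond the remedy proposed here and is included as an assumption about how to keep accounting aligned with what was actually received.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed mock (hypothetical): models a token whose transfer logic
/// treats type(uint256).max as "move the sender's whole balance".
/// It is not the real cUSDCv3 implementation.
contract SentinelToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        if (amount == type(uint256).max) amount = balanceOf[from]; // sentinel rewrite
        allowance[from][msg.sender] -= amount; // reverts if allowance is too low
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Hypothetical vault showing the guard; access control is omitted for brevity.
contract GuardedVault {
    SentinelToken public immutable token;
    uint256 public trackedTotalDeposits;

    error MaxAmountNotAllowed();

    constructor(SentinelToken _token) { token = _token; }

    function deposit(uint256 _amount) external {
        // Remedy from the finding: reject the sentinel value before any accounting.
        if (_amount == type(uint256).max) revert MaxAmountNotAllowed();

        // Assumption beyond the finding: record what arrived, not what was requested.
        uint256 balanceBefore = token.balanceOf(address(this));
        token.transferFrom(msg.sender, address(this), _amount);
        trackedTotalDeposits += token.balanceOf(address(this)) - balanceBefore;
    }
}
```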