Redundant Deposit Operation in VaultControllerStrategy Contract
Summary
Redundant Deposit Operation in VaultControllerStrategy Contract
Vulnerability Details
In the _depositToVaults function of the VaultControllerStrategy contract, there is a logic error when toDeposit equals canDeposit, potentially leading to redundant deposit operations. This not only increases unnecessary gas consumption but may also result in inconsistent contract states.
The logic of this code is:
If toDeposit > canDeposit, deposit the amount of canDeposit.
Otherwise (i.e. toDeposit <= canDeposit), deposit the amount of toDeposit.
The problem is when toDeposit == canDeposit:
It will execute the else branch
Deposit the amount of toDeposit (equal to canDeposit)
But it will not execute the break in if (toDeposit < canDeposit)
Continue to execute toDeposit = 0
Then enter the next loop
This may indeed result in an extra deposit when toDeposit == canDeposit. Because in this case, the loop should be exited after the deposit is completed, but it actually clears toDeposit and continues the loop.
Impact
Increase unnecessary gas consumption, especially in large-scale operations. It is very likely that this extra execution will cause gas out and make the entire transaction unable to execute successfully.
Tools Used
vscode
Recommendations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.