Unlimited Deposit Amounts Without Optional Deposit Limits
Description
The availableDepositLimit function, which can be overridden to enforce a maximum deposit limit, is not implemented and defaults to allowing unlimited deposits:
In the StrategyOp contract, the function is commented out and not overridden:
Impact
Risk of Oversized Deposits: Without deposit limits, a single user could deposit an excessively large amount, which might impact the strategy's performance or risk management.
Potential for Abuse: Malicious actors might attempt to manipulate the strategy by making large deposits and withdrawals to influence returns or exploit timing discrepancies.
Liquidity Management Challenges: Large, unexpected deposits can affect the strategy's ability to manage liquidity effectively.
Recommendation
-
Assess Need for Deposit Limits: Evaluate whether implementing a deposit limit aligns with the strategy's goals and risk management practices.
-
Implement Deposit Limits if Necessary: If appropriate, override the
availableDepositLimitfunction to enforce a maximum deposit amount per user or globally.uint256 public depositLimit;function setDepositLimit(uint256 _limit) external onlyManagement {depositLimit = _limit;}function availableDepositLimit(address /*_owner*/) public view override returns (uint256) {uint256 totalAssets = TokenizedStrategy.totalAssets();return totalAssets >= depositLimit ? 0 : depositLimit - totalAssets;}
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.