Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Absence of Deposit Cap Enforcement

Summary

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/39e33b2f6b3890573bb1affc41a7e520277ceb2c/src/zlp/ZlpVault.sol#L123

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/39e33b2f6b3890573bb1affc41a7e520277ceb2c/src/zlp/ZlpVault.sol#L128

The ZlpVault contract does not enforce a strict deposit cap during the deposit and mint operations. Although the maxDeposit function calculates the maximum allowable deposit, the value is not explicitly checked in the overridden deposit and mint functions. This could allow malicious or accidental over-depositing of assets, bypassing the intended cap.

Vulnerability Details

function deposit(uint256 assets, address receiver) public override onlyMarketMakingEngine returns (uint256) {
    return super.deposit(assets, receiver);
}

function mint(uint256 shares, address receiver) public override onlyMarketMakingEngine returns (uint256) {
    return super.mint(shares, receiver);
}

These functions do not validate whether assets (or the equivalent derived value from shares) exceed the cap calculated in maxDeposit.

While maxDeposit returns the remaining allowable deposit based on the cap, its result is never used to enforce restrictions in the actual deposit logic.

Exploitation Scenario:

An attacker or buggy interaction could deposit more assets than permitted by the cap, causing:

The vault to exceed its designed capacity, which might destabilize dependent systems.

A potential DoS vulnerability if over-deposits cause misalignment with downstream calculations or external dependencies.

Impact

Asset Overflow: The vault could accumulate more assets than intended, potentially disrupting liquidity balancing mechanisms.

Broken Invariants: Downstream systems relying on the deposit cap may malfunction.

Loss of Funds: Over-deposits could cause systemic issues leading to the loss of user or protocol funds.

Tools Used

Recommendations

Enforce Cap in deposit Function

Update the deposit function to validate the assets amount against maxDeposit:

function deposit(uint256 assets, address receiver) public override onlyMarketMakingEngine returns (uint256) {
    uint256 maxAssets = maxDeposit(receiver);
    require(assets <= maxAssets, "Deposit exceeds cap");
    return super.deposit(assets, receiver);
}

Enforce Cap in mint Function

Update the mint function to ensure the derived assets value does not exceed maxDeposit:

function mint(uint256 shares, address receiver) public override onlyMarketMakingEngine returns (uint256) {
    uint256 assets = previewMint(shares); // previewMint is inherited from ERC4626
    uint256 maxAssets = maxDeposit(receiver);
    require(assets <= maxAssets, "Mint exceeds cap");
    return super.mint(shares, receiver);
}

Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
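
A Foundry regression test for the property at issue, added here as an example and not taken from the Zaros code base or the submission. It assumes OpenZeppelin Contracts v5 as the ERC4626 base; MockAsset, CappedVault and DepositCapTest are hypothetical names. It checks whether a deposit override that only forwards to super.deposit still reverts above the value returned by maxDeposit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ERC4626} from "@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol";

// Hypothetical stand-in for the vault's underlying asset (not Zaros code).
contract MockAsset is ERC20("Mock", "MOCK") {
    function mint(address to, uint256 amount) external { _mint(to, amount); }
}

// Hypothetical vault: the cap is expressed only through maxDeposit.
contract CappedVault is ERC4626 {
    uint256 public immutable depositCap;
    constructor(IERC20 asset_, uint256 cap_) ERC20("Capped", "cVLT") ERC4626(asset_) { depositCap = cap_; }

    function maxDeposit(address) public view override returns (uint256) {
        uint256 held = totalAssets();
        return held >= depositCap ? 0 : depositCap - held;
    }

    // Same shape as the quoted override: no explicit cap check, only a call to super.
    function deposit(uint256 assets, address receiver) public override returns (uint256) {
        return super.deposit(assets, receiver);
    }
}

contract DepositCapTest is Test {
    uint256 constant CAP = 1_000e18; // constructed sample value
    MockAsset asset;
    CappedVault vault;

    function setUp() public {
        asset = new MockAsset();
        vault = new CappedVault(asset, CAP);
        asset.mint(address(this), 2 * CAP);
        asset.approve(address(vault), type(uint256).max);
    }

    function test_depositUpToCapSucceeds() public {
        vault.deposit(CAP, address(this));
        assertEq(vault.maxDeposit(address(this)), 0);
    }

    function test_depositAboveCapReverts() public {
        // OpenZeppelin v5 reverts with ERC4626ExceededMaxDeposit(receiver, assets, max).
        vm.expectRevert(abi.encodeWithSelector(ERC4626.ERC4626ExceededMaxDeposit.selector, address(this), CAP + 1, CAP));
        vault.deposit(CAP + 1, address(this));
    }
}
```

In OpenZeppelin's implementation mint() is bounded by maxMint rather than maxDeposit, so a capped vault needs the equivalent test on mint with its maxMint override.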
