Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Deposit Function Fails to Mint Shares Despite Valid Referral Code

foxb868

Summary

The deposit function does not enforce that shares must be minted after a successful deposit.

Vulnerability Details

/VaultRouterBranch.sol/deposit

deposit function in VaultRouterBranch.sol does not enforce that shares must be minted after a successful deposit. Additionally, the referral system may fail silently, causing the transaction to revert without updating vaultShares[vaultId]. This allows deposits to proceed without increasing the user's share balance, breaking the core functionality of the vault system.

Example

  1. A user calls the deposit function with valid parameters (vaultId=1, assets=100, referralCode=0x1234).

  2. The deposit function processes the transaction but fails to mint shares due to an issue in the referral system or invalid vault state.

  3. The transaction reverts, leaving vaultShares[vaultId] unchanged.

See this steps

  • Pre-Deposit:

    • vaultShares[vaultId] = 0

    • assets = 100

    • referralCode = 0x1234

  • Post-Deposit:

    • vaultShares[vaultId] = 0 (expected to increase)

Impact

Users may lose their deposited assets without receiving shares in return.

Tools Used

Vs

Recommendations

Add a check in the deposit function to ensure shares are minted

if (shares == 0) revert Errors.ZeroSharesMinted(); // <<: Ensure shares are minted after deposit
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!