Deposit Function Fails to Mint Shares Despite Valid Referral Code
Summary
The deposit function does not enforce that shares must be minted after a successful deposit.
Vulnerability Details
/VaultRouterBranch.sol/deposit
deposit function in VaultRouterBranch.sol does not enforce that shares must be minted after a successful deposit. Additionally, the referral system may fail silently, causing the transaction to revert without updating vaultShares[vaultId]. This allows deposits to proceed without increasing the user's share balance, breaking the core functionality of the vault system.
Example
A user calls the
depositfunction with valid parameters (vaultId=1,assets=100,referralCode=0x1234).The deposit function processes the transaction but fails to mint shares due to an issue in the referral system or invalid vault state.
The transaction reverts, leaving
vaultShares[vaultId]unchanged.
See this steps
-
Pre-Deposit:
vaultShares[vaultId] = 0assets = 100referralCode = 0x1234
-
Post-Deposit:
vaultShares[vaultId] = 0(expected to increase)
Impact
Users may lose their deposited assets without receiving shares in return.
Tools Used
Vs
Recommendations
Add a check in the deposit function to ensure shares are minted
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.