Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

The `depositCap` invariant of the vault can be bypassed due to lack of input validation in the `deposit` function

Summary

When creating a vault, the owner sets the `depositCap` to any number. The reason for this is that a user should not be allowed to deposit, or the vault should not have, a number of assets greater than the `depositCap`.

Vulnerability Details

The `deposit` function in VaultAssetBranch.sol is external and is called by users to deposit assets in the vaults and get shares in exchange. These vaults have a deposit cap, which is the maximum number of assets that can be deposited in the vault. But in the `deposit` function there is no validation or restriction for the user, which means that anyone can deposit any arbitrary amount of assets, which can exceed the `depositCap` that was set at the time of creating the vault.

Impact

Due to the lack of input validation, assets greater than the vault's `depositCap` can be deposited into it.

Tools Used

Manual Review

Recommendations

Enforce some input validation, such as a check that reverts if assets > depositCap.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

hard1k Submitter
4 months ago
inallhonesty Lead Judge
4 months ago
inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
