DeFiFoundry
50,000 USDC
Submission Details
Severity: medium
Invalid

Users can't deposit an amount greater than the current vault balance, even if it is within the maxDepositAmount limit.

Summary

The protocol currently calculates the shares a user receives based on the token balance the protocol already holds. The issue with this approach is that if a user wants to provide more liquidity than the vault currently has, they won't be able to do so in a single deposit. This happens because the contract subtracts the provided amount from the current balance, leading to an underflow. As a result, users are forced to make multiple deposits and later close multiple positions when withdrawing, which is not the intended behavior of the protocol.

Vulnerability Details

Let's examine the _mint function:

function _mint(uint256 depositId, uint256 amount, bool refundFee, MarketPrices memory prices) internal {
    uint256 _shares;
    if (totalShares == 0) {
        // First deposit: shares are minted at a fixed 1e8 per token.
        _shares = depositInfo[depositId].amount * 1e8;
    } else {
        uint256 totalAmountBefore;
        if (!positionIsClosed && _isLongOneLeverage(beenLong)) {
            // @> highlighted line: the deposit amount is subtracted from the vault's token balance
            totalAmountBefore = IERC20(indexToken).balanceOf(address(this)) - amount;
        } else {
            totalAmountBefore = _totalAmount(prices) - amount;
        }
        if (totalAmountBefore == 0) totalAmountBefore = 1;
        // Pro-rata mint against the pre-deposit total
        _shares = (amount * totalShares) / totalAmountBefore;
    }
    // ... remainder of the function not shown in the submission
}

As seen in the highlighted line, the function subtracts amount from the current balance, making it impossible to deposit more than the vault currently holds. This can lead to the following scenario:

  1. Alice deposits 1,000 tokens.
  2. Bob wants to deposit 50,000 tokens.
  3. However, since the current balance is only 1,000, he is forced to make multiple deposits in the following sequence: 1,000 → 2,000 → 4,000 → 8,000 → 16,000 → 19,000.

As a result, the user must create 6 separate positions just to deposit the intended amount.
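The share formula and the Alice/Bob sequence replayed in Python, as an added example that is not part of the submission or the DeFiFoundry contracts. It models Solidity 0.8 checked subtraction and takes the vault's token balance as an explicit input, so the two possible readings of `balanceOf(address(this)) - amount` can be compared side by side: one where the balance already contains the incoming deposit (tokens transferred in before `_mint` runs) and one where it does not. Which reading matches the real deposit flow is not shown on this page.

```python
# Added example (not the submission's or the project's code): a minimal model of
# the _mint share formula quoted above, with Solidity-style checked subtraction,
# used to replay the Alice/Bob scenario under both readings of the vault balance.

ONE_E8 = 10**8


class Underflow(Exception):
    """Stands in for the Solidity 0.8 panic on a checked subtraction."""


def checked_sub(a: int, b: int) -> int:
    if b > a:
        raise Underflow(f"{a} - {b} underflows")
    return a - b


def shares_for_deposit(vault_balance: int, total_shares: int, amount: int) -> int:
    """Mirror of the highlighted _mint branch (one-leverage long, position open)."""
    if total_shares == 0:
        return amount * ONE_E8
    total_amount_before = checked_sub(vault_balance, amount)
    if total_amount_before == 0:
        total_amount_before = 1
    return (amount * total_shares) // total_amount_before


def run_sequence(deposits, balance_includes_deposit: bool):
    """Apply deposits in order; return (shares minted per deposit, holdings, total shares).

    balance_includes_deposit=True  -> balanceOf(this) already reflects the transfer in.
    balance_includes_deposit=False -> the reading the submission describes.
    """
    holdings, total_shares, minted = 0, 0, []
    for amount in deposits:
        balance_seen = holdings + amount if balance_includes_deposit else holdings
        shares = shares_for_deposit(balance_seen, total_shares, amount)
        minted.append(shares)
        total_shares += shares
        holdings += amount
    return minted, holdings, total_shares


def bob_single_deposit_reverts(balance_includes_deposit: bool) -> bool:
    """Alice deposits 1,000, then Bob deposits 50,000 in a single call."""
    try:
        run_sequence([1_000, 50_000], balance_includes_deposit)
        return False
    except Underflow:
        return True
```

Under the first reading the six-step doubling sequence keeps total shares at exactly 1e8 per token held; under the second it is precisely the sequence that avoids the checked subtraction failing at every step.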

Impact

Users are unable to deposit their desired amount in a single transaction, creating an unnecessary restriction that the protocol did not intend.

Tools Used

Manual review.

Recommendations

Implement special handling to accommodate cases where a user provides an amount larger than the vault's current balance.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
