The _mint
function in PerpetualVault.sol uses dangerous strict equality checks when calculating shares, which could be manipulated by an attacker to gain disproportionate shares or disrupt the share calculation mechanism.
The vulnerability exists in two critical strict equality checks:
These strict equality comparisons against zero are dangerous because:
They create distinct paths in the share calculation logic
They can be manipulated by leaving dust amounts to force specific calculation paths
The second check's fallback value of 1 can lead to inflated share calculations
High severity. An attacker could:
Manipulate share calculations to receive more shares than intended
Force unfavorable share ratios for subsequent depositors
Extract value from the protocol through share price manipulation
Replace strict equality checks with minimum threshold checks:
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.