DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Dangerous Strict Equality in Share Calculation

Summary

The _mint function in PerpetualVault.sol uses dangerous strict equality checks when calculating shares, which could be manipulated by an attacker to gain disproportionate shares or disrupt the share calculation mechanism.

Vulnerability Details

The vulnerability exists in two critical strict equality checks:

// First dangerous check
if (totalShares == 0) {
    _shares = depositInfo[depositId].amount * 1e8;
}
// Second dangerous check
if (totalAmountBefore == 0) totalAmountBefore = 1;

These strict equality comparisons against zero are dangerous because:

  1. They create distinct paths in the share calculation logic

  2. They can be manipulated by leaving dust amounts to force specific calculation paths

  3. The second check's fallback value of 1 can lead to inflated share calculations

Impact

High severity. An attacker could:

  1. Manipulate share calculations to receive more shares than intended

  2. Force unfavorable share ratios for subsequent depositors

  3. Extract value from the protocol through share price manipulation

Proof of Concept

Recommended Mitigation

Replace strict equality checks with minimum threshold checks:

// Add constants
uint256 private constant MIN_TOTAL_SHARES = 1e3;
uint256 private constant MIN_TOTAL_AMOUNT = 1e3;

function _mint(uint256 depositId, uint256 amount, bool refundFee, MarketPrices memory prices) internal {
    uint256 _shares;
    if (totalShares < MIN_TOTAL_SHARES) {
        _shares = depositInfo[depositId].amount * 1e8;
    } else {
        uint256 totalAmountBefore;
        if (positionIsClosed == false && _isLongOneLeverage(beenLong)) {
            totalAmountBefore = IERC20(indexToken).balanceOf(address(this)) - amount;
        } else {
            totalAmountBefore = _totalAmount(prices) - amount;
        }
        if (totalAmountBefore < MIN_TOTAL_AMOUNT) totalAmountBefore = MIN_TOTAL_AMOUNT;
        _shares = amount * totalShares / totalAmountBefore;
    }
    // ... rest of the function
}
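
Added example, not part of the submission or the project's code: a Python integer model of the two share formulas quoted above, listing the constructed vault states in which the `== 0` version and the thresholded version mint different share counts. Python's `//` stands in for Solidity's truncating uint256 division; the function names and sample states are assumptions made for this illustration, and the model says nothing about whether a state is reachable through the contract's external functions.

```python
# Integer model of the two _mint share formulas quoted on this page.
# total_amount_before is passed in already computed (balance minus deposit).

FIRST_DEPOSIT_SCALE = 10**8   # the 1e8 factor used on the first deposit
MIN_TOTAL_SHARES = 10**3      # thresholds from the proposed mitigation
MIN_TOTAL_AMOUNT = 10**3


def shares_original(amount, total_shares, total_amount_before):
    """Share count with the strict `== 0` checks."""
    if total_shares == 0:
        return amount * FIRST_DEPOSIT_SCALE
    if total_amount_before == 0:
        total_amount_before = 1
    return amount * total_shares // total_amount_before


def shares_thresholded(amount, total_shares, total_amount_before):
    """Share count with the minimum-threshold checks."""
    if total_shares < MIN_TOTAL_SHARES:
        return amount * FIRST_DEPOSIT_SCALE
    if total_amount_before < MIN_TOTAL_AMOUNT:
        total_amount_before = MIN_TOTAL_AMOUNT
    return amount * total_shares // total_amount_before


def divergences(states):
    """Return (state, original, thresholded) wherever the variants disagree."""
    out = []
    for amount, total_shares, before in states:
        a = shares_original(amount, total_shares, before)
        b = shares_thresholded(amount, total_shares, before)
        if a != b:
            out.append(((amount, total_shares, before), a, b))
    return out


# Constructed states (amount, totalShares, totalAmountBefore); not contest data.
SAMPLE_STATES = [
    (1_000_000, 0, 0),               # empty vault, first deposit
    (1_000_000, 10**14, 1_000_000),  # steady state at the 1e8 ratio
    (1_000_000, 10**14, 0),          # shares outstanding, zero assets
    (1_000_000, 999, 10),            # totalShares below threshold but nonzero
    (1_000_000, 10**14, 999),        # assets below MIN_TOTAL_AMOUNT
]

if __name__ == "__main__":
    for state, a, b in divergences(SAMPLE_STATES):
        print(state, "original:", a, "thresholded:", b)
```
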
Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
