Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unnecessary Line in _mint Function and Potential Risks

parth

Serverity

Informational,
- The issue does not currently impact the protocol but could lead to problems in the future if the contract is upgraded or modified.
- Keeping this unnecessary line may create unexpected behavior and edge cases in future deployments.

Summary In the _mint() , there is a specific line:

if(totalAmountBefore = 0) totalAmountBefore = 1;

This is a problematic line :

It never gets executed under any normal situations also not in extreme cases.
If Somehow it gets executed it will grant the user/attacker a disproportionate amount of shares.

Expected vs. actual Behaviour

Case 1: The First Deposit Scenario
- This won't create any issue because it getting handled in the if block which is
  if (totalShares == 0) {
  _shares = depositInfo[depositId].amount * 1e8;
  }
- So it won't hit totalAmountBefore = 0 in this case.
Case 2: Normal Depositer Scenario
- In the normal deposit, totalAmountBefore is always calculated based on:
  totalAmountBefore = _totalAmount(prices) - amount;
  - _totalAmount(orices) is always considering all the vault assets. It also ensures it cannot reach 0.
Case 3: Position is Open or Close
- If positionIsClosed == false, totalAmountBefore is calculated as:
  totalAmountBefore =
  IERC20(indexToken).balanceOf(address(this)) -
  amount;
  - This also ensures that totalAmountBefore it can't be 0.
  - If positionIsClosed == true, _totalAmount(prices) is used, which will ensure a valid total before the amount.

Issue

If the line does get executed, it means totalAmountBefore was zero, which led to this:
- The calculation:
_shares = (amount * totalShares) / totalAmountBefore;
Becomes:
_shares = (amount * totalShares) / 1;
- Which would give the excess amount of shares to the single depister breaking the share distribution logic.

Potential Risk

Unintended Share Inflation: The depositors get way more shares than they should.
Attacker could craft tx that trigger this line, and get more shares than they should.

Recommendation

Remove the line as it is not needed or design something more robust against totlaAmountBefore = 0 instead of setting it 1.

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

invalid_totalAmountBefore_is_1_incorrect_calculation_supposition

No proof when this can happen: Most of the time totalAmountBefore equals 0 (balance minus amount sent), it means totalShares equals 0. If it could happen with very specific conditions, report with that tag didn't add the needed details to be validated.

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.