Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Withdrawals Do Not Decrement totalDepositAmount

etijie

Summary

The withdraw function does not reduce totalDepositAmount when funds are withdrawn. This means that once totalDepositAmount reaches maxDepositAmount, further deposits will be blocked, even if users have withdrawn tokens and the actual contract balance is lower.

Vulnerability Details

Proof of Concept

If deposits reach maxDepositAmount:

totalDepositAmount = maxDepositAmount;

And then users withdraw their tokens:

vault.withdraw(user, depositId);

Since totalDepositAmount is not decremented, new deposits are still blocked even though the contract balance is reduced.

Impact

Users may be unable to deposit despite available contract balance.
Encourages direct transfers instead of using deposit, worsening inconsistencies.
Contract fails to reflect the true net deposit amount.

Tools Used

manual review

Recommendations

Modify the withdraw function to decrement totalDepositAmount by the withdrawn amount:

function withdraw(address recipient, uint256 depositId) public payable nonReentrant {

_noneFlow();

flow = FLOW.WITHDRAW;

flowData = depositId;

if (recipient == address(0)) {

revert Error.ZeroValue();

}

if (depositInfo[depositId].timestamp + lockTime >= block.timestamp) {

revert Error.Locked();

}

if (EnumerableSet.contains(userDeposits[msg.sender], depositId) == false) {

revert Error.InvalidUser();

}

if (depositInfo[depositId].shares == 0) {

revert Error.ZeroValue();

}

// Reduce totalDepositAmount by the withdrawn amount

totalDepositAmount -= depositInfo[depositId].amount;

depositInfo[depositId].recipient = recipient;

_payExecutionFee(depositId, false);

if (curPositionKey != bytes32(0)) {

nextAction.selector = NextActionSelector.WITHDRAW_ACTION;

_settle();

} else {

MarketPrices memory prices;

_withdraw(depositId, hex'', prices);

}

Updates

Lead Judging Commences

n0kto Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.