DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Incorrect shares will be provided if totalAmountBefore is 0

Summary

The code below was added to the mint() function in the PerpetualVault.sol contract; it might not work properly, as it will mint more shares than required.

If amount is 10, totalShares is 100 and totalAmountBefore is 1, then the shares minted will be 1000 (amount * totalShares).

if (totalAmountBefore == 0) totalAmountBefore = 1;
_shares = amount * totalShares / totalAmountBefore;

Vulnerability Details

https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/PerpetualVault.sol#L773

Impact

More shares than required will be provided.

Tools Used

Manual review

Recommendations

Update the code to this:

if (totalAmountBefore == 0) {
    _shares = amount;
} else {
    _shares = (amount * totalShares) / totalAmountBefore;
}

Updates

Lead Judging Commences

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_totalAmountBefore_is_1_incorrect_calculation_supposition

No proof of when this can happen: most of the time, when totalAmountBefore equals 0 (balance minus amount sent), it means totalShares equals 0. If it could happen under very specific conditions, reports with that tag didn't add the details needed to be validated.
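
The two snippets quoted in the submission, evaluated side by side as an added example (not code from the submission, the judge, or PerpetualVault.sol): a Python model of both formulas over constructed states, including the numbers from the summary and the both-zero state the judge mentions. Function names and sample states are assumptions, and whether any of these states is reachable in the contract is not established here.

```python
# Added example: models the two share formulas quoted on this page with
# Python integers (// matches Solidity's truncating uint division).
from fractions import Fraction

def shares_clamped(amount, total_shares, total_amount_before):
    """Snippet from the submission: a zero denominator is clamped to 1."""
    if total_amount_before == 0:
        total_amount_before = 1
    return amount * total_shares // total_amount_before

def shares_recommended(amount, total_shares, total_amount_before):
    """Snippet from the Recommendations section: zero denominator mints 1:1."""
    if total_amount_before == 0:
        return amount
    return amount * total_shares // total_amount_before

def depositor_fraction(minted, total_shares):
    """Fraction of all shares the depositor owns after the mint."""
    supply = total_shares + minted
    return Fraction(minted, supply) if supply else Fraction(0)

# Constructed states: (amount, totalShares, totalAmountBefore)
CASES = [
    (10, 100, 1),    # numbers used in the submission's summary
    (10, 100, 0),    # zero assets, shares outstanding
    (10, 0, 0),      # state the judge describes: both zero
    (10, 100, 100),  # ordinary deposit, for reference
]

def compare(cases=CASES):
    """Return one row per state with both results and ownership fractions."""
    rows = []
    for amount, ts, tab in cases:
        c = shares_clamped(amount, ts, tab)
        r = shares_recommended(amount, ts, tab)
        rows.append((amount, ts, tab, c, r,
                     depositor_fraction(c, ts), depositor_fraction(r, ts)))
    return rows

if __name__ == "__main__":
    for row in compare():
        print("amount=%d totalShares=%d totalAmountBefore=%d "
              "clamped=%d recommended=%d own_clamped=%s own_recommended=%s" % row)
```

The two formulas agree whenever totalAmountBefore is nonzero, so the summary's own numbers (totalAmountBefore of 1) give 1000 shares under both; they differ only when totalAmountBefore is 0.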
