Submission Details
Severity:
The curveVault contract is deposit limited, which affects protocol main operations
Summary
When `curveVault` is configured , those excessed assets will be deposit into `curveVault`. However the `curveVault` has a deposit limitation , if deposit is greater than the deposit limitation transaction will be revert due to the "exceed deposit limit" error.
Vulnerability Details
Per to `curveVault`:
@internal
def _deposit(recipient: address, assets: uint256, shares: uint256):
"""
Used for `deposit` and `mint` calls to transfer the amount of `asset` to the vault,
issue the corresponding `shares` to the `recipient` and update all needed
vault accounting.
"""
assert assets <= self._max_deposit(recipient), "exceed deposit limit"
assert assets > 0, "cannot deposit zero"
assert shares > 0, "cannot mint zero"
Impact
deposit DOS
Tools Used
Review
Recommendations
add try/catch block while interacting with curveVault
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
LendingPool core operations revert if Curve vault is unavailable during rebalancing, even when sufficient liquidity exists in the pool
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
LendingPool core operations revert if Curve vault is unavailable during rebalancing, even when sufficient liquidity exists in the pool
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.