Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: high
Invalid

Hardcoded `maxLoss=0` Leading to Withdrawal Failures

Summary

The maxLoss parameter is hardcoded to 0, causing withdrawals to revert under normal market conditions (e.g., minor slippage).

Vulnerability Details

maxLoss=0 enforces a 0% loss tolerance. Even trivial losses (e.g., 0.1% slippage) will revert the transaction, making withdrawals impractical.

Impact

  • Users cannot withdraw assets during normal operations.

  • Protocol usability is severely degraded.

Tools Used

Manual review

Recommendations

Allow users to specify maxLoss:

function _withdrawFromVault(uint256 amount, uint256 maxLoss) internal {
curveVault.withdraw(amount, msg.sender, msg.sender, maxLoss, new address[](0));
totalVaultDeposits -= amount;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Design choice
inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.