BriVault

First Flight #52
Beginner Friendly, Solidity
Submission Details
Impact: high
Likelihood: high
Invalid

Incorrect Minimum Deposit Validation — minimumAmount + fee > assets

Root + Impact

Description

  • Normal Behavior:
    The vault should ensure that a user’s net deposit (after deducting participation fees) is at least equal to the minimumAmount.
    In other words, the condition should check whether:

    assets - fee >= minimumAmount
  • Specific Issue:
    The current implementation incorrectly uses the following condition:

    if (minimumAmount + fee > assets) revert lowFeeAndAmount();

    This logic assumes assets excludes the fee — but in reality, the user’s input (assets) already includes both the deposit and the fee.
    As a result, even valid deposits (e.g., slightly above the minimum) unfairly revert, blocking legitimate users from participating.

// Current faulty code
uint256 fee = _getParticipationFee(assets);
if (minimumAmount + fee > assets) { // @> Wrong comparison
    revert lowFeeAndAmount();
}

Risk

Likelihood:

  • High — Every deposit call is affected by this logic error.

  • Even correct inputs will revert, especially when the fee is small and the deposit amount is near the minimum threshold.

Impact:

  • Denial of Service (DoS): Users cannot participate even with valid amounts.

  • Usability Impact: Vault becomes non-functional for deposits close to the minimum threshold.

  • Economic Impact: Participants overpay or fail to enter, reducing engagement.


Proof of Concept

// Wrong: minimumAmount + fee > assets
// Example: 100 + 1.01 > 101 → TRUE → revert
// But user net = 99.99 < 100 → still revert, but reason is wrong!

Recommended Mitigation

Compare net deposit (after fee deduction) with minimumAmount.

- if (minimumAmount + fee > assets) {
- revert lowFeeAndAmount();
- }
+ uint256 netDeposit = assets - fee;
+ if (netDeposit < minimumAmount) {
+ revert lowFeeAndAmount();
+ }
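Review bot: The added guard `netDeposit < minimumAmount`, with `netDeposit = assets - fee`, is the removed comparison `minimumAmount + fee > assets` with `fee` moved to the other side, so for every input where `fee <= assets` both versions revert on exactly the same deposits and the change does not alter which deposits are accepted. The new `assets - fee` line also adds a subtraction that, under checked arithmetic, would fail with an arithmetic error instead of `lowFeeAndAmount()` if `fee` ever exceeded `assets`. If a different acceptance rule is intended, the description needs a concrete input that the old check rejects and the new one accepts; the 101-unit case in the Proof of Concept is rejected by both.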
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
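
An added example, not part of the submission or of the BriVault code: a differential check that runs the original guard and the proposed replacement over the same inputs and reports any deposit amount on which they disagree. It assumes a basis-point fee with integer division and checked arithmetic; `FEE_BPS`, `BASE` and all function names are hypothetical.

```python
# Added example: differential check of the two guards quoted in this submission.
# Assumptions (not from the BriVault contract): the fee is a basis-point share of
# `assets` using integer division, and subtraction is checked (reverts on underflow).
FEE_BPS = 100   # hypothetical 1% fee, matching the 101 -> ~1.01 figure in the PoC
BASE = 10_000   # hypothetical basis-point denominator


class Revert(Exception):
    """Models a Solidity revert (custom error or arithmetic panic)."""


def participation_fee(assets, fee_bps=FEE_BPS):
    return assets * fee_bps // BASE


def original_guard(assets, minimum, fee):
    # if (minimumAmount + fee > assets) revert lowFeeAndAmount();
    if minimum + fee > assets:
        raise Revert("lowFeeAndAmount")


def proposed_guard(assets, minimum, fee):
    # uint256 netDeposit = assets - fee;
    # if (netDeposit < minimumAmount) revert lowFeeAndAmount();
    if fee > assets:
        raise Revert("panic: arithmetic underflow")
    if assets - fee < minimum:
        raise Revert("lowFeeAndAmount")


def outcome(guard, assets, minimum, fee):
    """Return 'ok' if the guard lets the deposit through, else the revert reason."""
    try:
        guard(assets, minimum, fee)
        return "ok"
    except Revert as exc:
        return str(exc)


def disagreements(minimum, asset_range, fee_bps=FEE_BPS):
    """Every `assets` value that one guard accepts and the other rejects."""
    diff = []
    for assets in asset_range:
        fee = participation_fee(assets, fee_bps)
        accepted_old = outcome(original_guard, assets, minimum, fee) == "ok"
        accepted_new = outcome(proposed_guard, assets, minimum, fee) == "ok"
        if accepted_old != accepted_new:
            diff.append(assets)
    return diff
```

An empty result from `disagreements` means the two guards accept the same set of deposits for that fee rate and minimum; only the revert reason can differ, and only when `fee > assets`.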
