Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

In _depositOnVaultCreation, totalAssets is incremented by shares rather than assets #74

Open
hats-bug-reporter bot opened this issue Jun 30, 2024 · 1 comment
Open

In _depositOnVaultCreation, totalAssets is incremented by shares rather than assets #74

hats-bug-reporter bot opened this issue Jun 30, 2024 · 1 comment
Labels
bug Something isn't working invalid This doesn't seem right

Comments

@hats-bug-reporter
Copy link

Github username: --
Twitter username: --
Submission hash (on-chain): 0xc4f119a4045fa21a13f7f2a8d6f1c9796d5a179a87c0df0b70828b2b7460ecd1
Severity: high

Description:
Description
Upon creation of an Atom, a user can be the first depositor in the Atom they've created using _depositOnVaultCreation.

Let's take a deeper look in _depositOnVaultCreation:

For easier explanation, let's assume 5 assets = 1 share;

_setVaultTotals is executed inside _depositOnVaultCreation to increase the totalAssets and totalShares after the deposit.
The problem here is both totalAssets and totalShares are increased with the totalDelta amount which holds the user's shares.

        uint256 totalDelta = isAtomWallet ? sharesForReceiver : sharesForReceiver + sharesForZeroAddress;

        // set vault totals for the vault
        _setVaultTotals(id, vaults[id].totalAssets + totalDelta, vaults[id].totalShares + totalDelta);

Attack Scenario
If a user deposits 5 ETH, the totalAssets should be increased with 5 and totalShares with only 1.

However, the totalAssetswill be increased with only 1 making the user at a loss.

Attachments

  1. Proof of Concept (PoC) File
  1. Revised Code File (Optional)
-        // set vault totals for the vault _setVaultTotals(id, vaults[id].totalAssets + totalDelta, vaults[id].totalShares + totalDelta);

+        // set vault totals for the vault _setVaultTotals(id, vaults[id].totalAssets + assets, vaults[id].totalShares + totalDelta);
@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Jun 30, 2024
@mihailo-maksa mihailo-maksa added the invalid This doesn't seem right label Jul 1, 2024
@mihailo-maksa mihailo-maksa mentioned this issue Jul 4, 2024
Open
@mihailo-maksa
Copy link
Collaborator

The report states that in the _depositOnVaultCreation function, totalAssets is incorrectly incremented by shares rather than assets.

Label: invalid

Comment:
When creating a vault, the assets-to-shares ratio is always 1:1. Therefore, incrementing totalAssets by totalShares or vice versa achieves the same result, making the current implementation valid.

Comment on the issue:
When creating a vault, the assets-to-shares ratio is always 1:1. Thus, incrementing totalAssets by totalShares or vice versa achieves the same result, making the current implementation valid. For clarity, we will add a comment in the code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mihailo-maksa