PoolTogether - Timenov's results

General Information

Platform: Code4rena

Start Date: 04/03/2024

Pot Size: $36,500 USDC

Total HM: 9

Participants: 80

Period: 7 days

Judge: hansfriese

Total Solo HM: 2

Id: 332

League: ETH

PoolTogether

Researcher Performance

Rank: 9/80

Findings: 1

Award: $616.93

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: carrotsmuggler

Also found by: 0xabhay, Omik, Timenov

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
:robot:_17_group
duplicate-51

Awards

616.9286 USDC - $616.93

External Links

Lines of code

https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L540

Vulnerability details

Impact

The depositWithPermit function will not work as expected if the _asset does not support the permit functionality.

Proof of Concept

Some tokens (for example WETH and stETH) do not have a permit function, and others (for example DAI) utilize a permit function that deviates from the reference implementation.

This means that the permit will execute, but the allowance will not be correct, resulting in unexpected behaviour. The tokens above are widely used so it is likely for them to be the _asset of the vault. Also there are more tokens that have the same issues.

Tools Used

Manual Review

Consider adding a validation after the permit to check if the allowance is correct and revert with a message if not.

    require(_asset.allowance(_owner, address(this)) >= _assets, "Allowance with permit failed.");

Assessed type

Error
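
The failure mode and the post-permit allowance check from the finding above, as an added Solidity example that is not part of the original submission or of the PoolTogether code base. `NoPermitToken` is a constructed mock with no permit function whose fallback accepts unknown calls, and `VaultSketch` is a hypothetical minimal vault, not PrizeVault.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

interface IERC20Permit {
    function permit(address owner, address spender, uint256 value,
        uint256 deadline, uint8 v, bytes32 r, bytes32 s) external;
}

/// Constructed mock: no permit(); its fallback accepts any call without reverting.
contract NoPermitToken {
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount; // reverts on underflow
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    fallback() external {} // a permit(...) call lands here and succeeds without effect
}

/// Hypothetical minimal vault (not PrizeVault): only the permit-then-verify path.
contract VaultSketch {
    NoPermitToken public immutable asset;
    mapping(address => uint256) public deposited;

    constructor(NoPermitToken asset_) { asset = asset_; }

    function depositWithPermit(uint256 assets, address owner, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external {
        require(owner == msg.sender, "caller not owner");
        IERC20Permit(address(asset)).permit(owner, address(this), assets, deadline, v, r, s);
        // Check recommended in the finding: fail clearly if permit granted no allowance.
        require(asset.allowance(owner, address(this)) >= assets, "Allowance with permit failed.");
        asset.transferFrom(owner, address(this), assets);
        deposited[owner] += assets;
    }
}
```

With this mock, `depositWithPermit` reverts with "Allowance with permit failed." unless the owner has already approved the vault; without the check, the only signal would be the arithmetic underflow inside `transferFrom`.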

#0 - c4-pre-sort

2024-03-12T00:59:17Z

raymondfam marked the issue as sufficient quality report

#1 - c4-pre-sort

2024-03-12T00:59:23Z

raymondfam marked the issue as duplicate of #17

#2 - c4-pre-sort

2024-03-13T05:14:34Z

raymondfam marked the issue as duplicate of #51

#3 - c4-judge

2024-03-15T08:11:59Z

hansfriese marked the issue as satisfactory
