Centrifuge - Vagner's results

The institutional ecosystem for on-chain credit.

General Information

Platform: Code4rena

Start Date: 08/09/2023

Pot Size: $70,000 USDC

Total HM: 8

Participants: 84

Period: 6 days

Judge: gzeon

Total Solo HM: 2

Id: 285

League: ETH

Researcher Performance

Rank: 55/84

Findings: 1

Award: $50.43

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

50.4324 USDC - $50.43

Labels

bug
2 (Med Risk)
low quality report
satisfactory
duplicate-34

External Links

Lines of code

https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/InvestmentManager.sol#L383-L393

https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/InvestmentManager.sol#L396-L406

Vulnerability details

Impact

EIP-4626 states that the functions previewMint and previewWithdraw should always round up, but that is not the case in InvestmentManager.sol, which makes it not fully compliant.

Proof of Concept

As can be seen in EIP-4626 https://eips.ethereum.org/EIPS/eip-4626, the functions previewDeposit and previewRedeem must round down, which is done throughout those functions, but previewMint and previewWithdraw should round up, which is not the case, as can be seen here: https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/InvestmentManager.sol#L579-L581. This will make LiquidityPool.sol not fully EIP-4626 compliant as stated, which can lead to wrong assumptions if other protocols interact with Centrifuge.

Tools Used

Manual review

Consider implementing EIP-4626 fully and correctly to prevent wrong assumptions.

Assessed type

ERC4626
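An added example, not part of the submission and not Centrifuge's code: a Python model of the four EIP-4626 preview conversions over a constructed asset/share ratio, with a check that flags amounts where a rounded-down previewMint or previewWithdraw quotes less than the vault needs. The `Vault` class, its fields and `rounding_violations` are hypothetical names, and the total-assets/total-supply pricing is an assumption made for illustration.

```python
# Added example: models EIP-4626 preview rounding with integer math.
# Vault state and all names are constructed, not Centrifuge's code.
from dataclasses import dataclass


def mul_div(a: int, b: int, denom: int, round_up: bool) -> int:
    """a * b / denom on non-negative integers, floor or ceiling."""
    q, r = divmod(a * b, denom)
    return q + 1 if round_up and r else q


@dataclass(frozen=True)
class Vault:
    total_assets: int
    total_supply: int
    round_up_mint_withdraw: bool  # False models the reported behaviour

    def preview_deposit(self, assets: int) -> int:   # shares out: round down
        return mul_div(assets, self.total_supply, self.total_assets, False)

    def preview_redeem(self, shares: int) -> int:    # assets out: round down
        return mul_div(shares, self.total_assets, self.total_supply, False)

    def preview_mint(self, shares: int) -> int:      # assets in: must round up
        return mul_div(shares, self.total_assets, self.total_supply,
                       self.round_up_mint_withdraw)

    def preview_withdraw(self, assets: int) -> int:  # shares burned: must round up
        return mul_div(assets, self.total_supply, self.total_assets,
                       self.round_up_mint_withdraw)


def rounding_violations(v: Vault, amounts: range) -> list:
    """Return (function, amount) pairs where the quote favours the caller."""
    bad = []
    for n in amounts:
        # Assets quoted for minting n shares must buy at least n shares.
        if v.preview_deposit(v.preview_mint(n)) < n:
            bad.append(("previewMint", n))
        # Shares quoted for withdrawing n assets must be worth at least n assets.
        if v.preview_redeem(v.preview_withdraw(n)) < n:
            bad.append(("previewWithdraw", n))
    return bad
```

With 1000 assets backing 300 shares, the round-down model quotes 0 shares to withdraw 1 asset, while the round-up model quotes 1 share and passes the check for every amount.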

#0 - c4-pre-sort

2023-09-16T02:12:59Z

raymondfam marked the issue as low quality report

#1 - c4-pre-sort

2023-09-16T02:13:07Z

raymondfam marked the issue as duplicate of #25

#2 - c4-judge

2023-09-26T16:20:53Z

gzeon-c4 marked the issue as unsatisfactory: Invalid

#3 - c4-judge

2023-09-26T16:26:29Z

gzeon-c4 removed the grade

#4 - c4-judge

2023-09-26T16:26:36Z

gzeon-c4 marked the issue as not a duplicate

#5 - c4-judge

2023-09-26T16:26:47Z

gzeon-c4 marked the issue as duplicate of #34

#6 - c4-judge

2023-09-26T18:10:54Z

gzeon-c4 marked the issue as satisfactory
