Platform: Code4rena
Start Date: 01/04/2024
Pot Size: $120,000 USDC
Total HM: 11
Participants: 55
Period: 21 days
Judge: Picodes
Total Solo HM: 6
Id: 354
League: ETH
Rank: 46/55
Findings: 1
Award: $32.96
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: DadeKuma
Also found by: 0xStalin, 0xhacksmithh, 99Crits, Aymen0909, Bauchibred, CodeWasp, Dup1337, IllIllI, John_Femi, K42, KupiaSec, Naresh, Rhaydden, Rolezn, Sathish9098, Topmark, ZanyBonzy, albahaca, bareli, blockchainbuttonmasher, cheatc0d3, codeslide, crc32, d3e4, favelanky, grearlake, hihen, jasonxiale, jesjupyter, lanrebayode77, lirezArAzAvi, lsaudit, mining_mario, oualidpro, pfapostol, radin100, rbserver, sammy, satoshispeedrunner, slvDev, twcctop, zabihullahazadzoi
32.9585 USDC - $32.96
due to the improper check, system is possible to mint more token than it should, and the maxMint limit may not work
we have maxMint check function defined :
function maxMint(address) external view returns (uint256 maxShares) { unchecked { return (convertToShares(type(uint104).max) * DECIMALS) / (DECIMALS + COMMISSION_FEE); } }
but in actual mint function, we do not use this function:
function mint(uint256 shares, address receiver) external returns (uint256 assets) { assets = previewMint(shares); @> if (assets > type(uint104).max) revert Errors.DepositTooLarge(); ...
we just use type(uint104).max instead of maxMint,which makes the maxmint check not work properly
manual
change to maxMint check
Invalid Validation
#0 - c4-judge
2024-04-25T20:49:16Z
Picodes marked the issue as duplicate of #553
#1 - c4-judge
2024-04-29T21:39:56Z
Picodes marked the issue as satisfactory
#2 - c4-judge
2024-05-09T19:15:20Z
Picodes changed the severity to QA (Quality Assurance)
#3 - c4-judge
2024-05-10T00:08:54Z
Picodes marked the issue as grade-b