Category: Business Logic
Minimum Nest vault's nRWA mint may restrict user
Impact: Informational
Severity: Informational
Likelihood: N/A
Description
The code deposits the asset using the following function:
    currentAmount = IAggregateToken(nRWA).deposit(borrowAmount, address(this), address(this));

    function deposit(uint256 assets, address receiver, address controller) public override returns (uint256 shares) {
        if (receiver != msg.sender) {
            revert InvalidReceiver();
        }
        if (controller != msg.sender) {
            revert InvalidController();
        }
        shares =
            ITeller(address(this)).deposit(
                IERC20(asset()),
                assets,
                assets.mulDivDown(minimumMintPercentage, 10_000)); // highlighted
        return shares;
    }

The highlighted value is the minimum number of shares the contract may receive after depositing the PUSD assets without reverting.
Impact
Note that the minimumMintPercentage may prevent the Looping contract from operating normally if the ratio of assets to shares is unexpectedly high.
Recommendations
Directly call the deposit(address,uint256,uint256) function to override the value.
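The following Python model is an added example, not code from the audited repository or from Solera. It shows the asset-per-share rate at which the floor derived from minimumMintPercentage makes the deposit revert, and that a caller-chosen minimum passed to the three-argument deposit still succeeds. The pricing formula (shares = assets * ONE_SHARE / rate), the 6-decimal units, and all sample numbers are assumptions made for illustration.

```python
ONE_SHARE = 10**6   # assumption: PUSD and nRWA shares both use 6 decimals
BPS = 10_000        # denominator used with minimumMintPercentage on the page


class MinimumMintNotMet(Exception):
    """Stands in for the teller's revert when shares < minimumMint."""


def mul_div_down(x: int, y: int, d: int) -> int:
    """Integer x * y / d rounded down, like mulDivDown."""
    return x * y // d


def teller_deposit(assets: int, rate: int, minimum_mint: int) -> int:
    """Model of deposit(address,uint256,uint256); rate = assets per share (assumed)."""
    shares = mul_div_down(assets, ONE_SHARE, rate)
    if shares < minimum_mint:
        raise MinimumMintNotMet(f"{shares} < {minimum_mint}")
    return shares


def wrapper_deposit(assets: int, rate: int, minimum_mint_percentage: int) -> int:
    """Model of the wrapper on the page: the floor is derived from the asset amount."""
    floor = mul_div_down(assets, minimum_mint_percentage, BPS)
    return teller_deposit(assets, rate, floor)


def max_rate_accepted(assets: int, minimum_mint_percentage: int) -> int:
    """Largest rate at which wrapper_deposit still succeeds (binary search)."""
    lo, hi = 1, ONE_SHARE * 100
    while lo < hi:
        mid = (lo + hi + 1) // 2
        try:
            wrapper_deposit(assets, mid, minimum_mint_percentage)
            lo = mid
        except MinimumMintNotMet:
            hi = mid - 1
    return lo


if __name__ == "__main__":
    assets = 1_000 * ONE_SHARE   # constructed sample: 1,000 PUSD
    pct = 9_900                  # constructed sample: 99% floor
    print("wrapper succeeds up to rate", max_rate_accepted(assets, pct))
    print("direct call at rate 1.02:", teller_deposit(assets, 1_020_000, 980_000_000))
```
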
Remediation
Note: This issue was independently discovered and fixed by Solera during the assessment.
This issue has been acknowledged by Solera, and a fix was implemented in commit cb00bd79.