Function: deposit(uint256 _underlying, address receiver)
When a user deposits assets, the function deposits those assets into another ERC-4626 vault and manages the resulting shares, subsequently minting new shares for the users based on the shares obtained.
Inputs
_underlying
Control: Arbitrary.
Constraints: It must be greater than zero.
Impact: It specifies the amount of assets to be paid.
receiver
Control: Arbitrary.
Constraints: It must not be address(0).
Impact: It is the address of the wallet receiving the shares.
Branches and code coverage
Intended branches
Normal minting occurs when an _underlying value greater than zero is provided.
Negative behavior
The transaction reverts when the _underlying value is zero.
Function call analysis
this.strategy.previewDeposit(_underlying)
What is controllable? The _underlying value.
If the return value is controllable, how is it used and how can it go wrong? It can still be bypassed even when a value of zero is passed to the _underlying parameter.
What happens if it reverts, reenters or does other unusual control flow? No impact.
SafeERC20.safeTransferFrom(IERC20(this.underlying), msg.sender, address(this), _underlying)
What is controllable? The _underlying value.
If the return value is controllable, how is it used and how can it go wrong? No impact.
What happens if it reverts, reenters or does other unusual control flow? If reentrancy is possible, it may lead to an increase in the totalSupply() value through repetitive calls to the harvest function, potentially resulting in the permanent freezing of funds. See Finding ref↗.
IERC20(this.underlying).approve(address(this.strategy), _underlying)
What is controllable? The _underlying value.
If the return value is controllable, how is it used and how can it go wrong? No impact.
What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as funds are paid in advance.
this.strategy.deposit(_underlying, address(this))
What is controllable? The _underlying value.
If the return value is controllable, how is it used and how can it go wrong? By maliciously manipulating the receivedAssets value, a substantial number of shares can be minted.
What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as funds are paid in advance.
this.strategy.convertToAssets(this.totalAssets())
What is controllable? It is uncontrollable.
If the return value is controllable, how is it used and how can it go wrong? The fee process can be maliciously manipulated.
What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as funds are paid in advance.
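The sketch below is an added example, not the audited contract's code. It shows one way to harden the deposit flow analyzed above against the reentrancy noted under safeTransferFrom and against over-reliance on the value returned by strategy.deposit. Assumptions: OpenZeppelin Contracts v5 import paths, the contract name WrapperVaultSketch, the custom errors, 1:1 minting against strategy shares received, and omission of the fee logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. Import paths assume OpenZeppelin Contracts v5.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract WrapperVaultSketch is ERC20, ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable underlying;   // asset accepted from depositors
    IERC4626 public immutable strategy;   // downstream ERC-4626 vault

    error ZeroAmount();
    error ZeroReceiver();
    error NoSharesReceived();

    constructor(IERC20 underlyingToken, IERC4626 strategyVault)
        ERC20("Wrapper Sketch", "wSKETCH")
    {
        underlying = underlyingToken;
        strategy = strategyVault;
    }

    // Every state-changing entry point (deposit here, and harvest in a full
    // contract) should share the same guard so none can run inside another.
    function deposit(uint256 _underlying, address receiver)
        external
        nonReentrant
        returns (uint256 minted)
    {
        if (_underlying == 0) revert ZeroAmount();
        if (receiver == address(0)) revert ZeroReceiver();

        // A token with transfer hooks may call back here; the guard rejects it.
        underlying.safeTransferFrom(msg.sender, address(this), _underlying);

        uint256 sharesBefore = strategy.balanceOf(address(this));
        underlying.forceApprove(address(strategy), _underlying);
        strategy.deposit(_underlying, address(this));

        // Mint from the observed share balance change, not the returned value alone.
        minted = strategy.balanceOf(address(this)) - sharesBefore;
        if (minted == 0) revert NoSharesReceived();
        _mint(receiver, minted);
    }
}
```

The balance check only helps when the strategy's own share accounting is honest; it does not protect against a strategy contract that misreports balanceOf.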