
jim380 (Collaborator) commented Aug 5, 2025

Note: I'm just a community member and Intuition fren.


github-actions bot commented Aug 5, 2025

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

❌ 1 tests failed, 142 passed, 0 skipped (Total: 143)

Failing Tests in this PR Branch

setUp()

Stack Trace


Test Results for Merge

| Test Suite | Status | Coverage | Time |
|---|---|---|---|
| test/unit/EthMultiVault/DepositTripleCurve.t.sol | | 100% (4/4) | 0.006s |
| test/unit/EthMultiVault/AdminMultiVault.t.sol | | 100% (16/16) | 0.008s |
| test/unit/EthMultiVault/BatchCreateTriple.t.sol | | 100% (4/4) | 0.008s |
| test/unit/EthMultiVault/Approvals.t.sol | | 100% (2/2) | 0.004s |
| test/unit/EthMultiVault/EmergencyRedeemTriple.t.sol | | 100% (5/5) | 0.008s |
| test/unit/EthMultiVault/BatchDeposit.t.sol | | 100% (6/6) | 0.008s |
| test/unit/EthMultiVault/EmergencyReedemAtom.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/BatchDepositExploit.t.sol | | 100% (3/3) | 0.002s |
| test/BaseTest.sol | | 100% (2/2) | 0.009s |
| test/unit/EthMultiVault/BatchRedeem.t.sol | | 100% (8/8) | 0.025s |
| test/unit/EthMultiVault/BatchDepositFixTest.t.sol | | 100% (4/4) | 0.005s |
| test/unit/EthMultiVault/BatchCreateAtom.t.sol | | 100% (2/2) | 0.008s |
| test/unit/EthMultiVault/RedeemAtom.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/CreateAtom.t.sol | | 100% (6/6) | 0.009s |
| test/unit/EthMultiVault/RedeemAtomCurve.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/RedeemTriple.t.sol | | 100% (5/5) | 0.010s |
| test/unit/EthMultiVault/CreateTriple.t.sol | | 100% (6/6) | 0.020s |
| test/unit/EthMultiVault/RedeemTripleCurve.t.sol | | 100% (5/5) | 0.011s |
| test/unit/EthMultiVault/CurveComparison.t.sol | | 100% (6/6) | 0.015s |
| test/unit/EthMultiVault/DepositAtom.t.sol | | 100% (4/4) | 0.005s |
| test/unit/EthMultiVault/DepositAtomCurve.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/DepositTriple.t.sol | | 100% (4/4) | 0.007s |
| test/unit/EthMultiVault/UseCases.t.sol | | 100% (6/6) | 0.028s |
| test/unit/EthMultiVault/Helpers.t.sol | | 100% (4/4) | 0.005s |
| test/unit/EthMultiVault/Profit.t.sol | | 100% (11/11) | 0.022s |
| test/unit/EthMultiVault/Fees.t.sol | | 100% (2/2) | 0.440s |

🔒 Security Analysis

⚠️ Found 3 High and 3 Medium severity issues

High Severity Issues

arbitrary-send-eth

Impact: AtomWallet._call(address,uint256,bytes) (src/AtomWallet.sol#214-221) sends eth to arbitrary user

Dangerous calls:

  • (success,result) = target.call{value: value}(data) (src/AtomWallet.sol#215)

Affected Files:

  • src/AtomWallet.sol

View Detailed Findings

  • src/AtomWallet.sol:214 in _call

reentrancy-eth

Impact: Reentrancy in EthMultiVault.batchDepositCurve(address,uint256[],uint256[],uint256[]) (src/EthMultiVault.sol#1296-1338):

External calls:

  • _transferFeesToProtocolMultisig(protocolFee) (src/EthMultiVault.sol#1334)
  • (success,None) = address(generalConfig.protocolMultisig).call{value: value}() (src/EthMultiVault.sol#1452)

State variables written after the call(s):

  • shares[i_scope_0] = _depositCurve(receiver,termIds[i_scope_0],curveIds[i_scope_0],userDepositAfterprotocolFee) (src/EthMultiVault.sol#1332)
  • bondingCurveVaults[id][curveId].totalAssets += assetsDelta (src/EthMultiVault.sol#1810)
  • bondingCurveVaults[id][curveId].balanceOf[to] += amount (src/EthMultiVault.sol#1752)
  • bondingCurveVaults[id][curveId].totalShares += sharesDelta (src/EthMultiVault.sol#1811)

EthMultiVault.bondingCurveVaults (src/EthMultiVault.sol#132) can be used in cross function reentrancies:

  • EthMultiVault.bondingCurveVaults (src/EthMultiVault.sol#132)
  • EthMultiVault.convertToAssetsCurve(uint256,uint256,uint256) (src/EthMultiVault.sol#2228-2233)
  • EthMultiVault.convertToSharesCurve(uint256,uint256,uint256) (src/EthMultiVault.sol#2193-2199)
  • EthMultiVault.currentSharePriceCurve(uint256,uint256) (src/EthMultiVault.sol#2125-2129)
  • EthMultiVault.getCurveVaultState(uint256,uint256) (src/EthMultiVault.sol#2365-2367)
  • EthMultiVault.getDepositSharesAndFeesCurve(uint256,uint256,uint256) (src/EthMultiVault.sol#1934-1961)
  • EthMultiVault.getRedeemAssetsAndFeesCurve(uint256,uint256,uint256) (src/EthMultiVault.sol#2008-2042)
  • EthMultiVault.getVaultStateForUserCurve(uint256,uint256,address) (src/EthMultiVault.sol#2355-2363)
  • EthMultiVault.maxRedeemCurve(address,uint256,uint256) (src/EthMultiVault.sol#2161-2164)
  • shares[i_scope_0] = _depositCurve(receiver,termIds[i_scope_0],curveIds[i_scope_0],userDepositAfterprotocolFee) (src/EthMultiVault.sol#1332)
  • vaults[id].totalAssets = totalAssets (src/EthMultiVault.sol#1793)
  • vaults[id].totalShares = totalShares (src/EthMultiVault.sol#1794)

EthMultiVault.vaults (src/EthMultiVault.sol#97) can be used in cross function reentrancies:

  • EthMultiVault.convertToAssets(uint256,uint256) (src/EthMultiVault.sol#2212-2216)
  • EthMultiVault.convertToShares(uint256,uint256) (src/EthMultiVault.sol#2177-2181)
  • EthMultiVault.currentSharePrice(uint256) (src/EthMultiVault.sol#2113-2119)
  • EthMultiVault.getDepositSharesAndFees(uint256,uint256) (src/EthMultiVault.sol#1905-1932)
  • EthMultiVault.getRedeemAssetsAndFees(uint256,uint256) (src/EthMultiVault.sol#1972-2006)
  • EthMultiVault.getVaultStateForUser(uint256,address) (src/EthMultiVault.sol#2349-2353)
  • EthMultiVault.maxRedeem(address,uint256) (src/EthMultiVault.sol#2151-2154)
  • EthMultiVault.vaults (src/EthMultiVault.sol#97)

Affected Files:

  • src/EthMultiVault.sol

View Detailed Findings

  • src/EthMultiVault.sol:1296 in batchDepositCurve
  • src/EthMultiVault.sol:1241 in batchDeposit

Medium Severity Issues

View Medium Severity Issues

incorrect-equality

Impact: EthMultiVault._validateTimelock(bytes32) (src/EthMultiVault.sol#2446-2458) uses a dangerous strict equality:

  • timelock.readyTime == 0 (src/EthMultiVault.sol#2449)

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:2446 in _validateTimelock

uninitialized-local

Impact: EthMultiVault.batchCreateAtom(bytes[]).protocolDepositFeeTotal (src/EthMultiVault.sol#625) is a local variable never initialized

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:625 in protocolDepositFeeTotal

  • src/EthMultiVault.sol:758 in protocolDepositFeeTotal

Recommended Actions

  1. Review and fix all high severity issues before deployment
  2. Implement thorough testing for affected components
  3. Consider additional security measures:
    • Access controls
    • Input validation
    • Invariant checks

⛽ Gas Analysis

⚠️ No gas snapshot generated

@Qatadah0343

Good work


github-actions bot commented Aug 6, 2025

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

⚠️ No test results found

🔒 Security Analysis

⚠️ No security analysis results found

⛽ Gas Analysis

⚠️ No gas snapshot generated
