Omniscia Kyo Finance Audit

LockedToken Manual Review Findings

LTN-01M: Deviation of EIP-4626 Withdrawal Restriction

Description:

Per the EIP-4626 standard, an EIP-4626 vault that does not permit withdrawals should yield a value of 0 when its IERC4626::maxRedeem and IERC4626::maxWithdraw functions are queried, a trait that is not observed here.

Impact:

The LockedToken presently deviates from the EIP-4626 standard's MUST terminology, albeit in a low-sensitivity function, meriting a minor severity rating.

Example:

contracts/token/LockedToken.sol
contract LockedToken is ERC4626 {
    error PermanentlyLocked();

    constructor(string memory name, string memory symbol, IERC20 asset) ERC20(name, symbol) ERC4626(asset) {}

    function totalAssets() public view override returns (uint256) {
        return totalSupply();
    }

    function _convertToShares(uint256 assets, Math.Rounding) internal pure override returns (uint256) {
        return assets;
    }

    function _convertToAssets(uint256 shares, Math.Rounding) internal pure override returns (uint256) {
        return shares;
    }

    function _withdraw(address, address, address, uint256, uint256) internal virtual override {
        revert PermanentlyLocked();
    }
}

Recommendation:

We advise that the relevant LockedToken::_withdraw restriction be properly signaled to external observers via an override of the two aforementioned functions, ensuring compliance with the EIP-4626 standard.

Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):

The code of the LockedToken implementation was updated to properly signal that withdrawals are prohibited by yielding a value of 0 for any LockedToken::maxRedeem or LockedToken::maxWithdraw call.
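
The recommendation above, written out as an added example together with a conformance check an integrator could run; this is not the code from the alleviation commit or the project's repository. It assumes OpenZeppelin Contracts v5 import paths and Foundry's forge-std, and the names LockedTokenHardened, MockAsset and LockedTokenConformanceTest are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed dependencies: OpenZeppelin Contracts v5 import paths, Foundry forge-std.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC4626} from "@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
import {Test} from "forge-std/Test.sol";

// Hypothetical hardened variant of the contract shown in the finding.
contract LockedTokenHardened is ERC4626 {
    error PermanentlyLocked();
    constructor(string memory name, string memory symbol, IERC20 asset) ERC20(name, symbol) ERC4626(asset) {}

    function totalAssets() public view override returns (uint256) { return totalSupply(); }
    function _convertToShares(uint256 assets, Math.Rounding) internal pure override returns (uint256) { return assets; }
    function _convertToAssets(uint256 shares, Math.Rounding) internal pure override returns (uint256) { return shares; }
    // EIP-4626: both limits MUST return 0 while withdrawals and redemptions are disabled.
    function maxWithdraw(address) public pure override returns (uint256) { return 0; }
    function maxRedeem(address) public pure override returns (uint256) { return 0; }

    function _withdraw(address, address, address, uint256, uint256) internal virtual override {
        revert PermanentlyLocked();
    }
}

// Constructed underlying asset, used only by the test below.
contract MockAsset is ERC20("Mock", "MCK") {
    function mint(address to, uint256 amount) external { _mint(to, amount); }
}

contract LockedTokenConformanceTest is Test {
    function test_lockedVaultReportsZeroLimits() public {
        MockAsset asset = new MockAsset();
        LockedTokenHardened vault = new LockedTokenHardened("Locked", "LCK", asset);
        asset.mint(address(this), 100e18);
        asset.approve(address(vault), 100e18);
        vault.deposit(100e18, address(this));
        // A holder with a non-zero share balance is still told that nothing can leave.
        assertEq(vault.balanceOf(address(this)), 100e18);
        assertEq(vault.maxWithdraw(address(this)), 0);
        assertEq(vault.maxRedeem(address(this)), 0);
        // Exit paths agree with the reported limits. The revert reason is not pinned:
        // the base contract's own limit check may reject the call before _withdraw runs.
        vm.expectRevert();
        vault.withdraw(1, address(this), address(this));
        vm.expectRevert();
        vault.redeem(1, address(this), address(this));
    }
}
```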