low

Incorrectly set `version` for `SmartVaultV3` breaks off-chain integration

Contest
sponsor logo

The Standard
Reward

Total

136.49 USDC

0x6a70
18.44 USDC
alexbabits
18.44 USDC
spacelord47
Selected
25.82 USDC
0xRizwan
18.44 USDC
shikhar229169
18.44 USDC
MaslarovK
18.44 USDC
flacko
18.44 USDC
Selected Submission

Incorrectly set version for SmartVaultV3 breaks off-chain integration

Severity

Medium Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-12-the-standard/blob/41147c652c41489bd30953a4122a1e9d836799b1/contracts/SmartVaultV3.sol#L19

Summary

The version field(constant) in SmartVaultV3 is set to "2", when it should be "3".

Issue Details

SmartVaultV3 contract is an upgrade for previous version - SmartVaultV2, which itself is an upgrade for SmartVault. All these contracts utilize the version field for versioning. version later used in the ISmartVault.Status object, to describe current status of a SmartVault.

In the following code we can see the version field set for two previous versions of SmartVault (the code is taken from TheStandard main repo):

SmartVault.sol

17:     uint8 private constant version = 1;

SmartVaultV2.sol

20:     uint8 private constant version = 2;

And here is (in scope) version of SmartVaultV3:

SmartVaultV3.sol

19:     uint8 private constant version = 2;

As we can see, SmartVaultV3 incorrectly specifies its version.

Impact

The affected version field is used in two places:

  1. It's a part of the data returned by an external function SmartVaultManagerV5.vaults (which provides information about all current vaults managed by the VaultManager).
  2. Also, it's used by NFTMetadataGenerator.generateNFTMetadata to generate NFT metadata for a particular SmartVault. This NFT data used in the smart vault dashboard UI (like here) and allows borrowers to manage/sell their vaults.

Basically, incorrect SmartVault version will likely break mentioned protocol's integrations, because the version is expected to be used to differentiate between different versions of deployed contracts. And since the version of a vault can't be updated after creation, borrowers will experience issues with managing/selling their vaults.

Recommendations

Update version field in SmartVaultV3 to correctly match current version:

diff --git a/contracts/SmartVaultV3.sol b/contracts/SmartVaultV3.sol
--- a/contracts/SmartVaultV3.sol	(revision c12272f2eec533019f2d255ab690f6892027f112)
+++ b/contracts/SmartVaultV3.sol	(date 1703704412808)
@@ -16,7 +16,7 @@
 
     string private constant INVALID_USER = "err-invalid-user";
     string private constant UNDER_COLL = "err-under-coll";
-    uint8 private constant version = 2;
+    uint8 private constant version = 3;
     bytes32 private constant vaultType = bytes32("EUROs");
     bytes32 private immutable NATIVE;
     address public immutable manager;