# #37634 \[SC-Low] Incorrect Builtin ERC4626 Call Signature **Submitted on Dec 11th 2024 at 08:45:58 UTC by @anatomist for** [**Attackathon | Ethereum Protocol**](https://immunefi.com/audit-competition/ethereum-protocol-attackathon) * **Report ID:** #37634 * **Report Type:** Smart Contract * **Report severity:** Low * **Target:** * **Impacts:** * (Compiler) Unexpected behavior * (Compiler) Incorrect bytecode generation leading to incorrect behavior ## Description ## Brief/Intro Vyper provides several common builtin interfaces to save developer the troubles of having to define those themselves. Unfortunately, the interface of ERC4626 may produce incorrect signatures, potentially leading to call failures or calling incorrect functions. ## Vulnerability Details The ERC4626.vyi builtin interface provided by vyper contains several functions with optional arguments. ``` @external def deposit(assets: uint256, receiver: address=msg.sender) -> uint256: ... @external def mint(shares: uint256, receiver: address=msg.sender) -> uint256: ... @external def withdraw(assets: uint256, receiver: address=msg.sender, owner: address=msg.sender) -> uint256: ... @external def redeem(shares: uint256, receiver: address=msg.sender, owner: address=msg.sender) -> uint256: ... ``` However, it is overlooked that for optional arguments in contract abi functions, the function signature is calculated WITHOUT the arguments using default values. This means if developers call the builtin interface function while using default values, they'll end up calling an incorrect function. For example, the two calls in the contract below ends up resolving to different signatures, and only the first signature is correct. ``` from ethereum.ercs import IERC4626 @deploy def __init__(x: IERC4626): extcall x.withdraw(0, self, self) #0xb460af94 "withdraw(uint256,address,address) extcall x.withdraw(0) #0x2e1a7d4d "withdraw(uint256)" ``` ## Impact Details In most cases, using an incorrect interface will likely result in a call failure, which prevents normal operation of the contract. In certain scenarios, the incorrect call might result in calling the fallback function or another function with matching interface. In such cases, unexpected actions may be performed on behalf of the contract, resulting in more severe consequences. ## References * `https://github.com/vyperlang/vyper/blob/12ab4919cc4618fcac4f5d24d45a0e7fdbc4a48c/vyper/builtins/interfaces/IERC4626.vyi#L47` ## Proof of Concept ## Proof of Concept Already shown in Vulnerability Details section. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/ethereum-protocol-or-attackathon/37634-sc-low-incorrect-builtin-erc4626-call-signature.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.