TheSeersec

For the last time I've been working on a large audit of a protocol built on multiple interacting ERC-4626 vaults. One observation that keeps proving itself: understanding the difference between max* and preview* functions is essential for any auditor working with 4626. The key distinction — preview* functions are pure math. They convert between assets and shares at the current exchange rate, accounting for entry/exit fees, but they ignore all global constraints on the vault. max* functions are the opposite — they return the actual executable limit right now, factoring in pauses, deposit caps, and most interestingly, liquidity constraints. The heuristic: if a protocol evaluates the result of an operation using a preview* function but never checks the corresponding max* — that's a bug. A vault's previewRedeem might say your shares are worth 1M in assets, but maxWithdraw returns 20k because the underlying lending strategy is at 98% utilization. The protocol trusts the preview, calls withdraw, and reverts. 4626 keeps surprising me with new dimensions where bugs can hide.