DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: high
Invalid

Incorrect Yield Calculation in updateYield() Function Due to Unhandled Decrease in Total Zeth Value

Summary

The updateYield() function in the LibVault library of the provided Solidity contract has potential issues with its implementation. The function is designed to update the yield rate of a specific vault, but there are concerns about the logic and calculations used.

Vulnerability Details

The function retrieves the total Zeth value of a vault and calculates the yield based on the difference between the new and old total. However, if the new total is less than or equal to the old total, the function simply returns without any further action. This could potentially lead to incorrect yield calculations if the total Zeth value decreases. The function does not account for the scenario where the total Zeth value decreases, which could lead to incorrect yield calculations.

Impact

The potential impact of this vulnerability is significant. If the yield is not calculated correctly when the total Zeth value decreases, it could lead to financial losses for the users of the contract.

Tools Used

Manual review

Recommendations

It is recommended to revise the updateYield() function to handle the scenario where the total Zeth value decreases.

uint88 zethTotalNew = uint88(getZethTotal(vault));

// Check if zethTotalNew is less than Vault.zethTotal
if (zethTotalNew < Vault.zethTotal) {
    // Handle decrease in zethTotal appropriately
    // For example, you might want to adjust the yield rate proportionally
}

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
