DittoETH

Summary

If the total collateral stored in a vault does not increase, users can't receive any yield. The protocol assumes that if there has not been an increase in a vault's collateral, no yield has been earned.

Vulnerability Details

LibVault::updateYield() updates yield rate if the total collateral in an asset's vault increases fromt he last time the function was successfully run. This is checked in the function by comparing the new total collateral zethTotalNew with the previous total zethTotal.

If the new total hasn't grown since the last time the function was successfully run it will exit early without updating the yield.
When a user tries to claim yield, by executing YieldFacet.sol::distributeYield(), and the rate hasn't updated since the last time they claimed there is a check in _distributeYield which will fail.

The design means that if collateral is being removed from the system, users cannout claim yield. Furthermore, other functions, such as those in ExitShortFacet.sol which users trigger to exit short positions, rely on updateYield() to distribute outstanding yield to users who are exiting their short positions. This means users may face a choice of locking funds in the system until collateral rises or exiting and losing their yield.

Impact

If there is a situation where total collateral in the vault is declining, yield distribution is essentially blocked; users will be unable to earn any yield until the collateral in the vault increases again. This could lead to a situation where users are trapped in their positions, especially during market downturns or black swan events where there's a rush to withdraw collateral. In such scenarios, users might not only be unable to retrieve their yields but also face difficulties in exiting their positions, leading to financial loss and less trust in the system.

Tools Used

Manual Review
Foundry

Recommendations

Update the the function to update the yield when collateral is declining.