Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

The `svTokenValue` function can return overestimated value of each strategy vault share token

pontifex

Summary

The GMXReader.svTokenValue function can return overestimated value of each strategy vault share token due to outdated totalSupply, i.e. without including pending management fees for a long period. This issue can cause the protocol unexpected behavior while keepers provide rebalance and when other protocols receive information about shares value.

Vulnerability Details

The svTokenValue function calculates the value of each strategy vault share token with the current amount of totalSupply, which may not include pending management fees:

function svTokenValue(GMXTypes.Store storage self) public view returns (uint256) {

uint256 equityValue_ = equityValue(self);

uint256 totalSupply_ = IERC20(address(self.vault)).totalSupply();

if (equityValue_ == 0 || totalSupply_ == 0) return SAFE_MULTIPLIER;

return equityValue_ * SAFE_MULTIPLIER / totalSupply_;

}

So the returned share value will be overestimated. The longer the period since the last mintFee was called the more overestimated shares value is.

Impact

The GMXReader.svTokenValue function returns an overestimated value of the share token. This issue can cause the protocol unexpected behavior while keepers provide rebalance and when other protocols receive information about the shares value.

Tools used

Manual Review

Recommendations

Consider adding pendingFee to the totalSupply:

function svTokenValue(GMXTypes.Store storage self) public view returns (uint256) {

uint256 equityValue_ = equityValue(self);

uint256 totalSupply_ = IERC20(address(self.vault)).totalSupply();

if (equityValue_ == 0 || totalSupply_ == 0) return SAFE_MULTIPLIER;

- return equityValue_ * SAFE_MULTIPLIER / totalSupply_;

+ return equityValue_ * SAFE_MULTIPLIER / (totalSupply_ + pendingFee(self));

}

Updates

Lead Judging Commences

hans Auditor

almost 2 years ago

hans Auditor

almost 2 years ago

hans Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

Overestimation of svTokenValue

Impact: Medium Likelihood: High

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.