The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Vault owner can't mint right EUR amount, due to fee calculation

When a user adds collateral to the vault, the EUR amount the user can mint depends on the total EUR collateral value. Because the fee is added to the mint amount, the user can't mint the right maxMintable amount.

Vulnerability Details

Take a vault whose EUR collateral is 43,230 EUR. The max EUR value a user can mint is calculated with the following formula:

$ M = \frac{V \times P}{C}$

M: This is the value we're calculating, the max mintable value

V: This is the euroCollateral, the total value of the vault in Euros.

P: This represents HUNDRED_PC, which is 100,000 or 1e5

C: This is the collateralRate, which is 110,000

$ \frac{43230 \times 100000}{110000} = 39300 $

But when trying to mint 39300 EUR tokens, a fee is calculated over that amount:

$ F = \frac{A \times fr}{P}$

F: Fee over mint amount

A: Mint amount, 39300 EUR

fr: Fee Rate, which is set to 500 at deployment

P: HUNDRED_PC, which is 100,000 or 1e5

$ \frac{39300 \times 500}{100000} = 196.5 $

This fee is then added to the mint amount, resulting in 39496.5 EUR to mint.

The fullyCollateralised check will return false because, per the previous calculations, maxMintable returns 39300.
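
The arithmetic above as a small Python model, added here as an illustration and not taken from the contract or the submission. It assumes that `fully_collateralised` compares existing debt plus the new amount against maxMintable and that amounts carry 18 decimals; the function names are hypothetical. It also computes the largest request that still passes the fee-on-top check and what the fee-inclusive variant from the mitigation section would hand to the user.

```python
HUNDRED_PC = 100_000        # from the page
COLLATERAL_RATE = 110_000   # from the page
MINT_FEE_RATE = 500         # from the page
WAD = 10**18                # assumption: amounts carry 18 decimals

def max_mintable(euro_collateral):
    # M = V * P / C, with Solidity-style floor division
    return euro_collateral * HUNDRED_PC // COLLATERAL_RATE

def mint_fee(amount):
    # F = A * fr / P
    return amount * MINT_FEE_RATE // HUNDRED_PC

def fully_collateralised(minted, euro_collateral, extra):
    # assumed shape of the check: existing debt plus the new amount must fit under M
    return minted + extra <= max_mintable(euro_collateral)

def mint_fee_on_top(minted, euro_collateral, amount):
    """Behaviour described in the report: debt grows by amount + fee."""
    fee = mint_fee(amount)
    if not fully_collateralised(minted, euro_collateral, amount + fee):
        raise ValueError("UNDER_COLL")
    return {"debt": minted + amount + fee, "to_user": amount, "fee": fee}

def mint_fee_inclusive(minted, euro_collateral, amount):
    """Recommended variant: debt grows by amount, the fee comes out of it."""
    fee = mint_fee(amount)
    if not fully_collateralised(minted, euro_collateral, amount):
        raise ValueError("UNDER_COLL")
    return {"debt": minted + amount, "to_user": amount - fee, "fee": fee}

def largest_fee_on_top_request(minted, euro_collateral):
    """Largest amount whose amount + fee still fits under maxMintable."""
    headroom = max(0, max_mintable(euro_collateral) - minted)
    amount = headroom * HUNDRED_PC // (HUNDRED_PC + MINT_FEE_RATE)
    # the fee is floored, so one more unit may still fit
    while amount + 1 + mint_fee(amount + 1) <= headroom:
        amount += 1
    return amount

if __name__ == "__main__":
    collateral = 43_230 * WAD            # vault from the report
    limit = max_mintable(collateral)
    best = largest_fee_on_top_request(0, collateral)
    print("maxMintable       :", limit / WAD)
    print("fee on maxMintable:", mint_fee(limit) / WAD)
    print("largest request   :", best / WAD, mint_fee_on_top(0, collateral, best))
    print("fee-inclusive     :", mint_fee_inclusive(0, collateral, limit))
```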

Tools Used

Manual Review

Recommended mitigation steps

Calculate the fee and, when minting to the user, deduct it from the _amount. This way the collateral calculation succeeds.

function mint(address _to, uint256 _amount) external onlyOwner ifNotLiquidated {
uint256 fee = _amount * ISmartVaultManagerV3(manager).mintFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
- require(fullyCollateralised(_amount + fee), UNDER_COLL);
+ require(fullyCollateralised(_amount), UNDER_COLL);
- minted = minted + _amount + fee;
+ minted = minted + _amount;
- EUROs.mint(_to, _amount);
+ EUROs.mint(_to, _amount - fee); // mint amount to minus fee
EUROs.mint(ISmartVaultManagerV3(manager).protocol(), fee);
emit EUROsMinted(_to, _amount, fee);
}
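
Review bot: the unchanged `emit EUROsMinted(_to, _amount, fee);` line at the end of the function no longer matches what `_to` receives, because the `+` line above it mints `_amount - fee` to `_to`. Either emit `_amount - fee` as the minted amount or document that the event's amount is the gross figure including the fee. The function's documentation should also state that `mint(_to, _amount)` now delivers less than `_amount` to the recipient, since the signature does not show it.
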
Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

fee-loss

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

fee-loss
