The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Fee Handling in `SmartVaultV3` May Result in Loss of Funds

n0kto

Description

Fees in a vault are not stored locally but are requested from the manager when a user performs actions such as swapping, minting, or burning. If the manager changes the fee rates before a user interacts with the vault, the user may end up paying more fees than expected. This situation is analogous to a user taking a fixed loan, and the bank unilaterally decides to increase the interest rate.

Impact

Users may lose more money than anticipated with a new minting.
A burn fee that is too high can prevent a user from repaying.
Potential for abuse if the protocol team is considered untrusted, allowing for front-running scenarios where the protocol team exploits fee changes just before a user interacts with the vault.

Proof of Concept

Foundry PoC

function testManagerChangeFees() public {

vm.prank(vaultUser);

USDs.transfer(address(vault), 100e18);

vm.prank(vaultUser);

vault.mint(vaultUser, 10e18);

uint fees = (10e18 * 500) / 1e5;

assertEq(EUROs.balanceOf(address(liquidationPoolManager)), fees);

vm.prank(protocol);

smartVaultManager.setMintFeeRate(10000);

vm.prank(vaultUser);

vault.mint(vaultUser, 10e18);

// User uses the same vault but pays more fees

fees += (10e18 * 10000) / 1e5;

assertEq(EUROs.balanceOf(address(liquidationPoolManager)), fees);

}

Recommended Mitigation

Set burn fee rates in the vault at its creation. This not only prevents the described vulnerability but also consumes less gas.
If possible, implement a similar mechanism for swapping and minting fees. Alternatively, warn users well in advance about potential increases in minting and swapping fees.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.