Problem During SmartVaultV3::burn() tokens
Summary
In SmartVaultV3::burn() , while burning number of tokens the protocol is not considering adding fee while subtracting the number of tokens with the amount.
minted = minted - _amount;
The number of minted should be minted = minted - _amount + fee;
But protocol is only subtracting the amount of burn tokens and not taking fee as consideration.
Vulnerability Details
As mentioned protocol has forgot to take fee as consideration while calculating "minted" number of tokens.
And protocol has taken fee consideration while minting of tokens.
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L160
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L163
Impact
As "minted" variable is key while checking that the position is undercollateralised or not , so it would create a problem while checking that the position is undercollateralised or not .
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L99
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L99
Tools Used
Manual Review
Recommendations
The number of minted should be minted = minted - _amount + fee;
Lead Judging Commences
fee-loss
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.