The Standard

Owners can't burn the right amount of EUR due to the fee that is taken after the user burns EUR. Transferring the fee after a user burns EUR will exceed the user's balance.

Vulnerability Details

Take the following example:

Vault owner has a balance of 100 EUR, and to prevent liquidation needs to burn 100 EUR.

The following calculations happen

$ F = \frac{A \times fr}{P}$

F: Fee over burn amount

A: burn amount, 100 EUR

fr: Fee Rate, what is set to 500 at deployment

P: HUNDRED_PC, which is 100,000 or 1e5

Resulting in the following

$ \frac{100 \times 500}{100000} = 0.5 $

The amount (100) is then burned from the user resulting in a EUR balance of 0.

After the burn the fee (0.5) is then transferred from the user to the protocol, but this exceeds the balance resulting in a revert transaction

Impact

The inability to burn EUR tokens due to the fee exceeding the balance can result in incorrect financial calculations and may lead to the liquidation of the vault, potentially resulting in the loss of funds.

Tools Used

Manual Review

Recommended mitigation steps

Calculate the fee and when burning from the user, decrement it from the _amount so to total amount match the user balance