The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Total minted did not account for the fee sent to protocol, allowing users to have more than actual EURO tokens, causing erroneous calculation

Summary

The SmartVaultV3::burn() function is used to burn the tokens of sEURO and send the fee to the vault manager.

Vulnerability Details

The minted amount is the sEURO amount minted, and it did not account for the fees sent to the Smart Vault Manager in SmartVaultV3::burn(). At first, it may not mean much, but the total minted sEURO amount is critical for calculating whether the user is undercollateralized; the user can never removeCollateral and has a higher minimum amount of required collateral for swaps than the actual minimum.

function burn(uint256 _amount) external ifMinted(_amount) {
    uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
    minted = minted - _amount;
    EUROs.burn(msg.sender, _amount);
    IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
    emit EUROsBurned(_amount, fee);
}

Impact

The sEURO amount minted will not reflect its true state, causing the vault to actually be under-collateralized, to never be able to removeCollateral, and to have a higher minimum amount of required collateral for swaps than the actual sEURO balance of the vault.

Tools Used

Manual Review

Recommendations

Account for the fees sent and deduct them from the minted amount.

function burn(uint256 _amount) external ifMinted(_amount) {
uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
-- minted = minted - _amount;
++ minted = minted - _amount - fee;
EUROs.burn(msg.sender, _amount);
IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
emit EUROsBurned(_amount, fee);
}
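
Review bot: the `++ minted = minted - _amount - fee;` line lowers the recorded `minted` value by more than the tokens destroyed, because `EUROs.burn(msg.sender, _amount)` burns only `_amount` while the fee is moved to `protocol()` by `safeTransferFrom` and so stays in circulation. With this change each burn would reduce `minted` by `fee` more than it reduces the token supply. The `ifMinted(_amount)` modifier is also passed only `_amount`, so nothing in the visible lines ensures `minted` covers `_amount + fee` before the subtraction. If the fee is meant to reduce the vault's debt, it would have to be burned rather than transferred; otherwise keep `minted = minted - _amount;` and add a comment stating that the fee is paid on top of the burned amount.
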
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fee-loss

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

fee-loss
