The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Valid

The remaining EUROs cannot be withdrawn

Summary

The EUROs left over after LiquidationPoolManager transfers fees to LiquidationPool cannot be withdrawn.

Vulnerability Details

In the distributeFees() function, the protocol transfers _amount of EUROs from the LiquidationPoolManager to the LiquidationPool contract, and then distributes it among users based on their proportion.

    function distributeFees(uint256 _amount) external onlyManager {
        uint256 tstTotal = getTstTotal();
        if (tstTotal > 0) {
            // The full _amount is pulled into the pool before any share is computed.
            IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _amount);
            for (uint256 i = 0; i < holders.length; i++) {
                address _holder = holders[i];
                // Integer division rounds down, so each share can lose a remainder.
                positions[_holder].EUROs += _amount * positions[_holder].TST / tstTotal;
            }
            for (uint256 i = 0; i < pendingStakes.length; i++) {
                pendingStakes[i].EUROs += _amount * pendingStakes[i].TST / tstTotal;
            }
        }
    }

However, each share is computed with integer division, which rounds down, so this distribution incurs precision loss: the total allocated to all users may be less than _amount. The surplus EUROs will remain in the protocol and cannot be withdrawn.

Impact

The surplus EUROs tokens will remain in the protocol and cannot be withdrawn.

Tools Used

VS Code

Recommendations

In the distributeFees() function, first record the total of the EUROs already allocated. After the allocation, compare it with _amount and transfer any surplus EUROs to the protocol.
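
An added example, not part of the original submission or the project's code: a JavaScript BigInt model (BigInt division truncates like Solidity's uint256 division) of the distribution shown under Vulnerability Details and of the surplus transfer recommended here. PoolModel, simulate, the stakes and the amounts are constructed assumptions, and withdrawal is modelled as each recipient taking exactly what was credited.

```javascript
// Added example: models the pool's EUROs accounting. All values are constructed.
class PoolModel {
  constructor(stakes, sweepSurplus) {
    this.stakes = stakes;                  // TST per recipient (holders and pending stakes)
    this.credited = stakes.map(() => 0n);  // EUROs credited to each recipient
    this.balance = 0n;                     // EUROs actually held by the pool
    this.protocol = 0n;                    // EUROs forwarded to the protocol (fixed variant)
    this.sweepSurplus = sweepSurplus;      // true = apply the recommendation
  }

  // Returns the surplus left unallocated by this call.
  distributeFees(amount) {
    const tstTotal = this.stakes.reduce((a, b) => a + b, 0n);
    if (tstTotal === 0n) return 0n;
    this.balance += amount;                // stands in for safeTransferFrom into the pool
    let allocated = 0n;
    this.stakes.forEach((tst, i) => {
      const share = (amount * tst) / tstTotal; // truncating division, as in the contract
      this.credited[i] += share;
      allocated += share;
    });
    const surplus = amount - allocated;    // always below the number of recipients here
    if (this.sweepSurplus && surplus > 0n) {
      this.balance -= surplus;             // recommendation: send the remainder onward
      this.protocol += surplus;
    }
    return surplus;
  }

  // Every recipient withdraws all credited EUROs; returns what stays in the pool.
  withdrawAll() {
    this.credited.forEach((amt, i) => {
      this.balance -= amt;
      this.credited[i] = 0n;
    });
    return this.balance;
  }
}

// Runs three constructed fee distributions, then empties every position.
function simulate(sweepSurplus) {
  const pool = new PoolModel([3n, 3n, 1n], sweepSurplus);
  const surpluses = [100n, 50n, 10n].map((a) => pool.distributeFees(a));
  return { surpluses, stranded: pool.withdrawAll(), protocol: pool.protocol };
}
```

In this model the loss per call is small, but it accumulates with every distributeFees() call because nothing ever credits the remainder to anyone.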

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

precision-distributeFees
