The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Full burning of EUROs is not possible in a vault.

Summary

Fully burning EUROs tokens to get all the collateral back is not possible in a smart vault because of a flawed logic implementation.

Vulnerability Details

Suppose a vault owner supplies 15 PAXG tokens to the vault as collateral and mints 15000 EUROs tokens against it.

After some time, the vault owner no longer needs any EUROs tokens and decides to burn all 15000 EUROs tokens to get the 15 PAXG collateral back.

When the owner calls burn() with 15000, the call reverts because of incorrect burn fee handling: the tokens are burned first, and only then is the fee amount in EUROs transferred.

Thus, in the case of a full burn, the owner won't have any EUROs tokens left to pay the burn fee to the protocol.

Impact

This issue causes inconvenience and grief to the vault owner, who has to manually calculate the burn fee and adjust the burn amount accordingly in order to fully burn all of the EUROs tokens.

Tools Used

Manual Analysis

Recommendations

The burn() should be modified as below to mitigate this issue:

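    function burn(uint256 _amount) external ifMinted(_amount) {
        // The fee is a fraction of the requested amount.
        uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
        // The recorded debt is reduced by the full amount.
        minted = minted - _amount;
        // The fee is paid to the protocol out of _amount instead of on top of it.
        IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
        // Only the remainder is burned, so a balance equal to _amount is sufficient.
        EUROs.burn(msg.sender, _amount - fee);
        emit EUROsBurned(_amount, fee);
    }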
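
The arithmetic behind the revert and the manual adjustment described under Impact, as an added Python model (not code from the submission or from The Standard's contracts). The fee rate, the HUNDRED_PC scale, the 18-decimal unit, the reading of ifMinted as `amount <= minted` and all Python names are assumptions made for the illustration.

```python
# Constructed model of the burn accounting discussed in this finding.
# The rate, scale and decimals below are assumed sample values.
HUNDRED_PC = 100_000
BURN_FEE_RATE = 500            # 0.5% at the assumed scale
WAD = 10**18                   # EUROs modelled with 18 decimals


class InsufficientBalance(Exception):
    """Stands in for the ERC20 transfer/burn revert."""


def fee_for(amount):
    return amount * BURN_FEE_RATE // HUNDRED_PC


def burn_current(balance, minted, amount):
    """Flow the report describes: burn `amount`, then pull the fee on top of it."""
    assert amount <= minted            # assumed meaning of ifMinted
    balance -= amount                  # EUROs.burn(msg.sender, _amount)
    if balance < 0 or balance < fee_for(amount):
        raise InsufficientBalance      # fee transfer has nothing to draw from
    return balance - fee_for(amount), minted - amount


def burn_recommended(balance, minted, amount):
    """Flow the report proposes: the fee is carved out of `amount`."""
    assert amount <= minted
    if balance < amount:
        raise InsufficientBalance
    return balance - amount, minted - amount   # fee + (amount - fee) leave the wallet


def max_burnable(balance, minted):
    """Largest amount burn_current accepts: amount + fee_for(amount) <= balance."""
    x = min(minted, balance * HUNDRED_PC // (HUNDRED_PC + BURN_FEE_RATE))
    while x < minted and x + 1 + fee_for(x + 1) <= balance:
        x += 1                         # fee rounding can admit one more unit
    return x


def reverts(fn, *args):
    """True when the modelled call fails for lack of EUROs."""
    try:
        fn(*args)
    except InsufficientBalance:
        return True
    return False


if __name__ == "__main__":
    owed = held = 15_000 * WAD
    x = max_burnable(held, owed)
    print("full burn reverts:", reverts(burn_current, held, owed, owed))
    print("largest accepted burn:", x, "remaining debt:", owed - x)
```

With a balance equal to the minted amount, the flow the report describes always leaves some debt outstanding, while the proposed flow clears both balance and debt in one call.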
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fee-loss

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

fee-loss
