The Standard

Summary

Once a user starts borrowing using the smart vaults, he cannot fully repay/burn his debt, nor ever get his collateral back in full.

Vulnerability Details

When a user wants to mint himself EUROs through locking up his collateral, he gets exactly the specified amount and the protocol governance address gets minted a certain fee based on a fee rate. The problem occurs due to the devs' wish to give the user exactly how much they specified, thus the fees that the
protocol receives are actually minted ON TOP of the requested tokens, thus the inner tracker minted would get incremented by amount + fees instead of just amount. This means that a user burning his entire EUROs borrow can burn only up to the first amount. So:

1. User mints 1000 EUROs, protocol receives 10, the minted = 1010

2. User burns 1000 EUROs, he can't burn more, the minted = 10

The leftover dust in minted wouldn't allow the user to fully retrieve his initial collateral, so it is stuck unless he gets liquidated or forces himself to buy EUROs, which in every case is a loss for the user.

Impact

User disincentivisation, user funds lock up and loss

Tools Used

Manual Review

Recommendations

This is a tricky one based on the devs' views. Either do not count the fees towards the minted tokens to allow the full collateral withdrawal or take the fees from the already minted EUROs instead of minting them separately.