The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

In SmartVaultV3 - user can't burn all of his EUROs tokens

Summary

The burn function in SmartVaultV3 is supposed to let a user burn their EUROs tokens.
However, the current implementation does not let a user burn all of their tokens, because the transaction reverts.

Vulnerability Details

Let's take a look at the code:

    function burn(uint256 _amount) external ifMinted(_amount) {
        uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
        minted = minted - _amount;
        // The full _amount is burned from the caller first...
        EUROs.burn(msg.sender, _amount);
        // ...and the fee is then pulled from whatever balance the caller has left.
        IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
        emit EUROsBurned(_amount, fee);
    }

Let's say the user has 1000 tokens and tries to burn them all.
The fee is calculated from _amount, and then the 1000 tokens are burned.
After that, the function attempts to transfer the fee from the user to ISmartVaultManagerV3(manager).protocol(). However, all of the user's tokens have already been burned, so this transfer fails and the whole call reverts.

Impact

A user can't burn all of their tokens, which is a strange design decision: the user has to calculate an amount to burn that leaves enough balance for the fee transfer to succeed.
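
The calculation the user is left with can be worked through off-chain. This is an added example, not code from the submission or from The Standard: it models only the balance arithmetic of burn(), and the values of HUNDRED_PC and BURN_FEE_RATE, the meaning of ifMinted (assumed to require minted >= _amount) and a sufficient allowance for the fee transfer are all assumptions.

```python
# Added model of the burn() balance arithmetic; not the project's code.
# HUNDRED_PC and BURN_FEE_RATE are constructed values, not read from the protocol.
HUNDRED_PC = 100_000
BURN_FEE_RATE = 500  # 0.5% under the assumed HUNDRED_PC


class Revert(Exception):
    """Stands in for an EVM revert, which rolls back every state change."""


def burn_fee(amount, rate=BURN_FEE_RATE):
    # Same integer arithmetic as the contract: multiply, then floor-divide.
    return amount * rate // HUNDRED_PC


def burn(balance, minted, amount, rate=BURN_FEE_RATE):
    """Model burn(); returns (balance, minted, fee) afterwards or raises Revert."""
    if minted < amount:  # assumed meaning of the ifMinted(_amount) modifier
        raise Revert("ifMinted")
    fee = burn_fee(amount, rate)
    if balance < amount:  # EUROs.burn(msg.sender, _amount)
        raise Revert("burn exceeds balance")
    balance -= amount
    if balance < fee:  # safeTransferFrom(msg.sender, protocol, fee)
        raise Revert("fee transfer exceeds balance")
    return balance - fee, minted - amount, fee


def max_burnable(balance, minted, rate=BURN_FEE_RATE):
    """Largest amount with amount + fee(amount) <= balance and amount <= minted."""
    amount = min(minted, balance * HUNDRED_PC // (HUNDRED_PC + rate))
    # Flooring the fee can leave room for more; step up while it still fits.
    while amount < minted and amount + 1 + burn_fee(amount + 1, rate) <= balance:
        amount += 1
    return amount


if __name__ == "__main__":
    try:
        burn(1000, 1000, 1000)
    except Revert as exc:
        print("burn(1000) reverts:", exc)
    best = max_burnable(1000, 1000)
    print("largest burn:", best, "->", burn(1000, 1000, best))
```

With these constructed values, a holder of 1000 tokens with 1000 minted can burn at most 996, which leaves 4 still minted.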

Tools Used

Manual review

Recommendations

You should burn _amount - fee and then transfer the fee:

    EUROs.burn(msg.sender, _amount - fee);
    IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fee-loss

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

fee-loss
