The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Wrong accounting of `minted` when minting and burning EUR can result in an undercollateralised Vault

When a vault owner mints EUR tokens, the minted amount is incremented by the amount plus the fee.
When burning tokens, the minted amount is only decremented by the amount, not including the fee. This leaves a leftover minted amount, which can result in an undercollateralised Vault and, in turn, liquidation.

Vulnerability Details

The user just added 1_105_500 EUR collateral to the vault.

MaxMintable returns the result of the following formula:

$ M = \frac{Ec \times P}{Cr}$

M: The Max Mintable amount

Ec: Total Euro Collateral of the vault

P: HUNDRED_PC, which is 100,000 or 1e5

Cr: Collateral Rate of the vault, which is set to 110_000

$ \frac{1105500 \times 100000}{110000} = 1005000$


The user then mints 1M EUR tokens

This results in a fee of 5K EUR tokens, so `minted` becomes 1_005_000, the same as the MaxMintable() value (this value is important).

During a bear market the collateral token loses 80% of its value.

eurCollateral() now returns a collateral value of 221_100 EUR.

This results in a MaxMintable value of 201_000.

$ {1000000 - 201000} = 799000$ EUR tokens to burn

The Vault owner responds quickly and burns 799_000 EUR tokens to have a positive collateral value.

Although the Vault owner burns the 799_000 amount, the vault still gets liquidated. This is how it happens:

  • The burn function burns from the minted amount. This value was 1_005_000

  • $ {1005000 - 799000} = 206000$ as the minted value.

  • 206_000 is 5000 larger than the MaxMintable value of 201_000.

This comes from the fee, which is added to `minted` during mint but is not removed when calling burn. So the Vault has a higher minted value than the MaxMintable value, resulting in liquidation of the vault.
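The walkthrough above can be replayed as a small integer model (an added example, not The Standard's contract code or the submitter's). The 0.5% fee rate is derived from the 5K fee on a 1M mint, the mint-time check and the `minted > maxMintable` liquidation condition are assumptions of the model, and the `feeInMinted` flag compares the reported accounting with the change proposed under the mitigation.

```javascript
// Added model of the accounting in the walkthrough; all names are hypothetical.
const HUNDRED_PC = 100_000n;      // from the page
const COLLATERAL_RATE = 110_000n; // from the page
const MINT_FEE_RATE = 500n;       // assumption: 0.5%, derived from the 5K fee on 1M

function maxMintable(euroCollateral) {
  return (euroCollateral * HUNDRED_PC) / COLLATERAL_RATE; // integer division, as on-chain
}

// feeInMinted = true models `minted = minted + _amount + fee` (the reported behaviour);
// feeInMinted = false models `minted = minted + _amount` (the proposed change).
function createVault(euroCollateral, feeInMinted) {
  return { euroCollateral, feeInMinted, minted: 0n };
}

function mint(vault, amount) {
  const fee = (amount * MINT_FEE_RATE) / HUNDRED_PC;
  const newMinted = vault.minted + amount + (vault.feeInMinted ? fee : 0n);
  // assumption: a mint may not push `minted` above the current limit
  if (newMinted > maxMintable(vault.euroCollateral)) throw new Error("UNDER_COLL");
  vault.minted = newMinted;
  return fee;
}

function burn(vault, amount) {
  if (amount > vault.minted) throw new Error("burn exceeds minted");
  vault.minted -= amount; // only the burned amount is removed, as the page describes
}

function undercollateralised(vault) {
  // assumption: the vault is liquidatable once minted exceeds maxMintable
  return vault.minted > maxMintable(vault.euroCollateral);
}

function runScenario(feeInMinted) {
  const vault = createVault(1_105_500n, feeInMinted);
  const fee = mint(vault, 1_000_000n);
  const mintedAfterMint = vault.minted;
  vault.euroCollateral = 221_100n;                  // collateral value after the 80% drop
  const limit = maxMintable(vault.euroCollateral);
  burn(vault, 1_000_000n - limit);                  // owner burns the 799_000 shortfall
  return { fee, mintedAfterMint, limit, mintedAfterBurn: vault.minted,
           liquidatable: undercollateralised(vault) };
}

console.log(runScenario(true));  // accounting as reported
console.log(runScenario(false)); // accounting with the fee left out of `minted`
```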

Impact

The incorrect accounting of the minted amount can result in undercollateralization of the Vault, leading to potential liquidation and loss of funds.

Tools Used

Manual Review

Recommended mitigation steps

To mitigate this issue, it is recommended to stay consistent with the fee when minting and burning tokens. The system should accurately track the minted amount by considering the fee in both minting and burning processes.

This code example adjusts the minting process to deduct the fee from the minted amount, ensuring accurate accounting.

function mint(address _to, uint256 _amount) external onlyOwner ifNotLiquidated {
uint256 fee = _amount * ISmartVaultManagerV3(manager).mintFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
require(fullyCollateralised(_amount), UNDER_COLL);
- minted = minted + _amount + fee;
+ minted = minted + _amount;
- EUROs.mint(_to, _amount);
+ EUROs.mint(_to, _amount - fee); // mint amount minus fee
EUROs.mint(ISmartVaultManagerV3(manager).protocol(), fee);
emit EUROsMinted(_to, _amount, fee);
}
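Review bot: the unchanged `emit EUROsMinted(_to, _amount, fee);` at the end of the function still reports `_amount`, while the changed `EUROs.mint(_to, _amount - fee);` line means `_to` now receives less than that, so anything consuming the event will over-count what the recipient got. Either emit `_amount - fee` or document on the event that its amount is gross of the fee. The change also alters how many tokens a caller receives for a given `_amount`, which deserves a comment on `mint` stating that `_amount` is now the total debt added to `minted` and not the amount delivered to `_to`.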
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fee-loss

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

fee-loss
