Submission Details
Severity:
Accounting Error Causes `burn()` Function to Revert
Description:
The burn() function reverts when users attempt to burn all the EUROs in their address because the fee supposed to be sent to the protocol is burnt along with it.
Impact:
The inability to burn all of one's token in their wallet requires them to burn additional EUROs to fully access their collateral. If every vault requires extra EUROs to be burned to access their collateral, there will be a small portion of collateral locked and unwithdrawable.
Tools Used:
Manual review
Recommended Mitigation Steps:
Burn _amount - fee, then send the fee.
- function burn(uint256 _amount) external ifMinted(_amount) {
- uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
- minted = minted - _amount;
- EUROs.burn(msg.sender, _amount);
- IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
- emit EUROsBurned(_amount, fee);
}
// Correct implementation
function burn(uint256 _amount) external ifMinted(_amount) {
bool eurApproved = IERC20(EUROs).allowance(msg.sender, address(this)) >= _amount;
require(eurApproved, "Grant contract allowance");
uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
minted = minted - _amount;
EUROs.burn(msg.sender, _amount - fee);
(bool success,) = address(EUROs).delegatecall(abi.encodeWithSignature("approve(address,uint256)",address(this),fee));
require(success, "Delegatecall failed");
IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).liquidator(), fee);
emit EUROsBurned(_amount, fee);
}
Updates
Lead Judging Commences
hrishibhat almost 2 years ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
fee-loss
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933
USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.