The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Accounting Error Causes `mint()` Function to Revert

krisrenzo

Description:
When users deposit collateral to their vault, they can mint EUROs. The function maxMintable() returns the maximum amount of EUROs a vault is allowed to mint. When users call mint(), a sub-function call to fullyCollateralised() is made to check if the amount the user wants to mint can be supported by their collateral. However, instead of passing in the _amount to be minted in this fullyCollateralised(), the mint function passes the sum of the amount the user wants to mint and the fee (which is a percentage of the amount). This means that if a user attempts to mint the maxMintable of their vault, the call is reverted.

Impact:
This may be confusing for users, as the protocol contradicts itself.

Tools Used:

Manual review

Recommended Mitigation Steps:
Burn _amount - fee, then send the fee.

- function mint(address _to, uint256 _amount) external onlyOwner ifNotLiquidated {

- uint256 fee = _amount * ISmartVaultManagerV3(manager).mintFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();

- require(fullyCollateralised(_amount + fee), UNDER_COLL);

- minted = minted + _amount + fee;

- EUROs.mint(_to, _amount);

- EUROs.mint(ISmartVaultManagerV3(manager).protocol(), fee);

- emit EUROsMinted(_to, _amount, fee);

- }

// Correct implementation

+ function mint(address _to, uint256 _amount) external onlyOwner ifNotLiquidated {

+ uint256 fee = _amount * ISmartVaultManagerV3(manager).mintFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();

+ require(fullyCollateralised(_amount), UNDER_COLL);

+ minted = minted + _amount;

+ EUROs.mint(_to, _amount - fee);

+ EUROs.mint(ISmartVaultManagerV3(manager).liquidator(), fee);

+ emit EUROsMinted(_to, _amount - fee, fee);

+ }

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

fee-loss

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

fee-loss

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!