The Standard
DeFiHardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Wrong Burning Mechanism Leading to Wrong Calculations of Collateral and Minted

Summary

In the current implementation of the EURO burn function within SmartVaultV3.sol, there are issues with the fee calculation and collateral requirement assessment. The issues arise when a user intends to burn a certain amount of EUROs and the associated fee, leading to potential undercollateralization risks.

Vulnerability Details

Firstly, the burn fee, calculated at for example 2% of the EUROs to be burned, is currently deducted from the amount the user intends to burn, rather than being an independent transaction. This results in the user needing additional EUROs to cover the fee separately from the amount they want to burn (if the user wants to burn all of their EUROs, the call will revert).
Secondly, when a user burns a portion of their EUROs, the function correctly executes the burn but fails to adjust the collateral requirement in proportion to the EUROs burned.

  // SmartVaultV3.sol (fragment as quoted in the submission)
  function burn(uint256 _amount) external ifMinted(_amount) {
      // fee = _amount * burnFeeRate / HUNDRED_PC, rounded down
      uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
      // only _amount is removed from the vault's minted total; the fee is not
      minted = minted - _amount;
      // _amount is burned from the caller's balance...
      EUROs.burn(msg.sender, _amount);
      // ...and the fee is pulled from the same balance and sent to the protocol
      IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
      emit EUROsBurned(_amount, fee);
  }

Example Scenario:

Consider a scenario where a user has 1 Ether as collateral and has minted 1000 EUROs. Should they decide to burn 500 EUROs:

  1. The user has minted 1000 EUROs and intends to burn 500 EUROs.

  2. With a burn fee rate of e.g. 2%, the user needs 510 EUROs (500 + 10 fee) to execute the burn operation. As the function works, the fee is calculated as 10 EUROs, then the minted variable becomes minted = minted - _amount, i.e. 1000 - 500 = 500.

  3. Then 500 EUROs are burned, and the user pays 10 EUROs as a fee.

  4. After the successful burn and fee payment, the user is left with 490 EUROs and 1 Ether as collateral.

Now the user can adjust their collateral against the minted variable: the vault requires as much collateral as is needed for 500 EUROs (minted = 500), but the user actually holds only 490 EUROs. So the user can adjust their collateral for 490 EUROs and be liquidated.
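The accounting in the scenario above, as an added worked example that is not part of the original submission or of the project's code: a Python model of the burn path with constructed values (a HUNDRED_PC denominator of 100_000 and a fee rate of 2_000 for 2% are assumptions, as is the in-model balance check that stands in for the token transfer reverting), plus a helper that computes the largest amount a holder can burn once the fee has to come out of the same balance.

```python
"""Constructed model of the SmartVaultV3 burn accounting (not the project's code)."""
from dataclasses import dataclass, field

# Assumption: HUNDRED_PC denominator of 100_000, so 2_000 == 2%.
HUNDRED_PC = 100_000


def fee_of(amount: int, burn_fee_rate: int) -> int:
    """Mirror of `_amount * burnFeeRate() / HUNDRED_PC()` with floor division."""
    return amount * burn_fee_rate // HUNDRED_PC


@dataclass
class VaultModel:
    burn_fee_rate: int
    minted: int = 0                                # what the vault tracks as outstanding
    balances: dict = field(default_factory=dict)   # EUROs token balances per holder
    protocol_fees: int = 0                         # EUROs forwarded to the protocol

    def mint(self, user: str, amount: int) -> None:
        self.minted += amount
        self.balances[user] = self.balances.get(user, 0) + amount

    def burn(self, user: str, amount: int) -> int:
        # ifMinted(_amount): cannot burn more than the vault has minted
        if amount > self.minted:
            raise ValueError("ifMinted: amount exceeds minted")
        fee = fee_of(amount, self.burn_fee_rate)
        bal = self.balances.get(user, 0)
        # EUROs.burn takes `amount` and safeTransferFrom takes `fee` from the
        # same balance, so the caller must hold amount + fee or the call reverts
        # (modelled here as an upfront check).
        if bal < amount + fee:
            raise ValueError("insufficient EUROs for amount plus fee")
        self.minted -= amount            # minted = minted - _amount; the fee is not subtracted
        self.balances[user] = bal - amount - fee
        self.protocol_fees += fee
        return fee


def max_burnable(balance: int, burn_fee_rate: int) -> int:
    """Largest `amount` such that amount + fee_of(amount) <= balance."""
    amount = balance * HUNDRED_PC // (HUNDRED_PC + burn_fee_rate)
    # fee_of rounds down, so a unit or two above the estimate may still fit
    while amount + 1 + fee_of(amount + 1, burn_fee_rate) <= balance:
        amount += 1
    while amount + fee_of(amount, burn_fee_rate) > balance:
        amount -= 1
    return amount


def report_scenario() -> tuple:
    """The submission's example: mint 1000, burn 500 at a 2% fee."""
    v = VaultModel(burn_fee_rate=2_000)
    v.mint("alice", 1000)
    fee = v.burn("alice", 500)
    return v.minted, v.balances["alice"], fee   # (500, 490, 10)


def full_burn_reverts() -> bool:
    """Burning the entire minted amount fails: the fee has no balance to come from."""
    v = VaultModel(burn_fee_rate=2_000)
    v.mint("alice", 1000)
    try:
        v.burn("alice", 1000)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(report_scenario())
    print(full_burn_reverts())
    print(max_burnable(1000, 2_000))
```

With these constructed numbers a holder of 1000 EUROs can burn at most 981 (fee 19), after which their balance is 0 while the vault's minted total still reads 19; that residual is the gap between minted and balance that the submission describes.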

Impact

Undercollateralization Risk: Users might face undercollateralization if the collateral is not adjusted according to the remaining EURO balance after the burn.

Liquidation: Inadequate collateral coverage for the EUROs can lead to the liquidation of the vault, causing a loss of assets for the user.

Tools Used

Manual review.

Recommendations

Revise the burn function to ensure that the fee is calculated separately from the EUROs to be burned, rather than being deducted from the user's existing EURO balance. After each burn operation, recalculate the required collateral based on the remaining EURO balance to maintain proper collateralization.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fee-loss

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

fee-loss
