The Standard

Summary

No strict on settings burnFeeRate make user failed to burn EUROs in vault

Vulnerability Details

Function SmartVaultManagerV5#setBurnFee() is used by owner to set burn fee rate:

function setBurnFeeRate(uint256 _rate) external onlyOwner {
    burnFeeRate = _rate;
}

But it does not have any strict in this function. If burnFeeRate > HUNDRED_PC = 1e5, user are not able to burn EUROs token:

function burn(uint256 _amount) external ifMinted(_amount) {
    uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();    // <---
    minted = minted - _amount;                                                                                                                                                                        // <---
    EUROs.burn(msg.sender, _amount);
    IERC20(address(EUROs)).safeTransferFrom(msg.sender, ISmartVaultManagerV3(manager).protocol(), fee);
    emit EUROsBurned(_amount, fee);
}

Impact

Users can not burn EUROs token in vault if burnFeeRate is too high

Tools Used

Manual review

Recommendations

Function setBurnFeeRate should be updated to:

function setBurnFeeRate(uint256 _rate) external onlyOwner {
+ require(_rate <=1e5); 
   burnFeeRate = _rate;
}