Incorrect asset calculation in _harvestAndReport() due to unclaimed claimable funds leading to broken internal accounting.
Summary
The _harvestAndReport() function in StrategyMainnet relies on transmuter.getClaimableBalance() to determine the total assets. However, it does not actually claim these funds, nor are they included in the final _totalAssets calculation. As a result, the reported assets do not accurately reflect the strategy’s true holdings.
Note, that both StrategyArb and StrategyOP contracts have the same Issue.
I will refer to StrategyMainnet contract at all times for consistency and ease of reading.
Vulnerability Details
Within _harvestAndReport function, the claimable balance is obtained from the transmuter but never claimed, this can be seen on L178-191 of StrategyMainnet contract.
Consequently, the strategy’s final asset count omits these claimable funds. The comments on L151-159 suggest that most accurate accounting of current assets was intended, yet the omission introduces a discrepancy.
This inaccurate total asset calculation, when used downstream (in the report() function of TokenizedStrategy, L2387 of the contract on tokenizedStrategyAddress defined in BaseStrategy contract, an abstract contract the StrategyMainnet contract is built on), leads to faulty recalculations and incorrect behaviour.
This can be seen in function report defined on L2372. The function assumes that newTotalAssets is equal to the value returned by IBaseStrategy(address(this)).harvestAndReport() call, where address(this) is address of StrategyMainnet contract, since call to the TokenizedStrategy is done via delegateCall from BaseStrategy contract by Keepers. This is obviously incorrect, since the real newTotalAssets must include all of the assets in the vault. This inconsistency will lead to incorrect calculations down the flow of the report function.
Impact
Omitting claimable but unclaimed funds from the total assets could cause:
Misstated profit/loss reporting.
Incorrect protocol accounting.
Possible long-term insolvency scenarios if the logic perpetuates over multiple reporting cycles.
Potential financial loss for users and the protocol due to mispriced shares and erroneous fee assessments.
Tools Used
Manual review.
Recommendations
Update _harvestAndReport() to claim the funds from the transmuter before returning the _totalAssets.
Appeal created
Incorrect accounting in `_harvestAndReport` claimable should be included
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.