Insufficient Balance Check in `_harvestAndReport` function in `StrategyOp.sol`
Summary
The _harvestAndReport function does not validate whether the balance of underlying tokens (e.g., WETH) can be profitably converted to asset tokens (e.g., alETH) before including the underlying balance in the total assets calculation.
This can result in an overstatement of the strategy’s total assets during unfavorable market conditions.
Vulnerability Details
In _harvestAndReport, the function calculates the total assets by summing:
The unexchanged balance from the transmuter.
The balance of asset tokens held by the strategy.
The balance of underlying tokens held by the strategy.
The underlyingBalance is directly added to _totalAssets without considering whether it can be converted to asset tokens at favorable rates.
During periods of market volatility or low liquidity, the actual value of underlying tokens in terms of asset tokens may be significantly lower than expected, leading to an overestimation of the strategy’s total assets.
Impact
The strategy may report an inflated value, misleading stakeholders or automated systems relying on accurate reporting.
Tools Used
Recommendations
Modify _harvestAndReport to include a check that validates whether the underlying balance can be profitably converted to asset tokens before including it in the total assets calculation.
Use an oracle or other reliable price feed to fetch the conversion rate.
Appeal created
balanceDeployed() and _harvestAndReport() add WETH and alETH, but they have different prices
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.