Incorrect Calculation of _totalAssets in _harvestAndReport Function
Summary
In the _harvestAndReport function of the contract, the calculation of _totalAssets is incorrect because it includes underlyingBalance directly, without converting it into the final asset token. This misrepresentation could lead to incorrect reporting of the total assets held by the strategy. Instead of directly adding underlyingBalance, the underlying tokens should be swapped into asset before they are included in the total.
Vulnerability Details
underlyingBalance is in the underlying token (e.g., WETH), but the strategy's assets are reported in terms of the final asset token (e.g., ALETH). Therefore, simply adding underlyingBalance directly to _totalAssets without converting it to asset results in an incorrect total.
Impact
The incorrect calculation could lead to improper behavior in other functions that rely on _totalAssets, potentially resulting in faulty decisions regarding fund deployment, withdrawal, or management.
Tools Used
Recommendations
Appeal created
Incorrect accounting in `_harvestAndReport` claimable should be included
Incorrect accounting in `_harvestAndReport` claimable should be included
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.