The `balanceDeployed` view function adds the underlying amount which is incorrect.
Summary
balanceDeployed view function can be used to check the total deployed alETH but including underlying(WETH) makes it incorrect.
Vulnerability Details
WETH and alETH don’t have the same exchange rate and it is just a softly pegged asset. Including raw WETH in the balanceDeployed view, function will result in the incorrect return value for the external system.
Example Scenario: Let's say the strategy has:
100 alETH in the transmuter (unexchanged balance)
10 WETH (underlying balance)
5 alETH (loose asset balance)
With WETH/alETH exchange rate of 0.95 (meaning 1 WETH = 0.95 alETH), the current implementation would return:
But this is incorrect because those 10 WETH are actually only worth 9.5 alETH (10 * 0.95). The actual deployed value should be:
Impact
Incorrect return data in view function,so i think it is low issue.Tools Used
Recommendations
Either exclude WETH from calculation or implement a way to get the current exchange rate of WETH → alETH and use that.
Appeal created
balanceDeployed() and _harvestAndReport() add WETH and alETH, but they have different prices
balanceDeployed() and _harvestAndReport() add WETH and alETH, but they have different prices
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.