Value Checked but Not Considered in Asset Calculation
Summary
The contracts StrategyArb.sol, StrategyOp.sol, and StrategyMainnet.sol contain a similar function named _harvestAndReport. This function is intended to calculate the total assets available within the system. However, it does not take all relevant variables into account when performing this calculation.
Vulnerability Details
The _harvestAndReport function is designed to account for "all applicable assets, including loose assets." During this process, it defines a claimable variable as follows:
This claimable variable represents the assets available in the transmuter for the contract. However, the claimable variable is not included in the calculation of the _totalAssets variable, which aggregates the system's total assets.
Impact
By excluding the claimable variable from the calculation of _totalAssets, any transmuter assets available to the contract remain unaccounted for and unused. This can result in suboptimal utilization of the system's resources.
Tools Used
Manual review.
Recommendations
To address this issue:
Include the
claimablevariable in the calculation of_totalAssetsto ensure all relevant assets are accounted for.Alternatively, if the
claimablevariable is not necessary, remove it entirely to avoid confusion and redundancy in the code.
Appeal created
Incorrect accounting in `_harvestAndReport` claimable should be included
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.