Summary

The getAccruedYield function allows the owner to check accrued yield before calling claimYield. While this mitigates unnecessary gas usage, there are potential edge cases where state changes (e.g., changes in aToken balance or wToken supply) between these calls could result in unexpected behavior, such as attempting to withdraw zero tokens despite previously seeing a positive yield.

Vulnerability Details

1. State Dependency:

   • The result of getAccruedYield depends on contract state variables (aTokenBalance and wTokenSupply). These values can change between calls due to other operations or external factors.

2. Edge Case:

   • If state changes occur after checking accrued yield but before claiming it, the actual amount available for withdrawal may differ from what was initially reported by getAccruedYield.

3. Operational Inefficiency:

   • This could lead to wasted gas if an outdated positive yield value results in an attempt to withdraw zero tokens.

Impact

This issue primarily affects operational efficiency and usability rather than security or funds directly.

Tools Used

Manual Review

Recommendations

Add Validation in claimYield: