HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Potential Edge Case in Yield Claiming Due to State Changes Between Calls

Summary

The getAccruedYield function allows the owner to check accrued yield before calling claimYield. While this mitigates unnecessary gas usage, there are potential edge cases where state changes (e.g., changes in aToken balance or wToken supply) between these calls could result in unexpected behavior, such as attempting to withdraw zero tokens despite previously seeing a positive yield.

Vulnerability Details

  1. State Dependency:

    • The result of getAccruedYield depends on contract state variables (aTokenBalance and wTokenSupply). These values can change between calls due to other operations or external factors.

  2. Edge Case:

    • If state changes occur after checking accrued yield but before claiming it, the actual amount available for withdrawal may differ from what was initially reported by getAccruedYield.

  3. Operational Inefficiency:

    • This could lead to wasted gas if an outdated positive yield value results in an attempt to withdraw zero tokens.

Impact

This issue primarily affects operational efficiency and usability; it does not directly affect security or funds.

Tools Used

Manual Review

Recommendations

Add Validation in claimYield:

uint256 yieldAmount = _getAccruedYield(_collateralToken);
require(yieldAmount > 0, "No yield available for withdrawal");
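
The check-then-claim sequence from Vulnerability Details, as an added Python model (not code from the submission or the audited contract). It assumes yield is the aToken balance minus the wToken supply; the class, function names and amounts are constructed for illustration.

```python
class Revert(Exception):
    """Stands in for a Solidity revert."""


class WrapperModel:
    # Constructed model. Assumption: yield = aToken balance - wToken supply.
    def __init__(self, a_token_balance, w_token_supply):
        self.a_token_balance = a_token_balance
        self.w_token_supply = w_token_supply

    def get_accrued_yield(self):
        # Read-only view: valid only for the state it was read from.
        return max(self.a_token_balance - self.w_token_supply, 0)

    def claim_yield(self, guarded):
        # Yield is recomputed at execution time, as in the recommended snippet.
        amount = self.get_accrued_yield()
        if guarded and amount == 0:
            raise Revert("No yield available for withdrawal")
        self.a_token_balance -= amount  # amount == 0 is a silent no-op
        return amount


def stale_preview(guarded):
    """Owner previews 50, an earlier claim lands first, then the owner claims."""
    vault = WrapperModel(a_token_balance=1_050, w_token_supply=1_000)
    preview = vault.get_accrued_yield()
    vault.claim_yield(guarded)  # state change between the two calls
    try:
        return preview, vault.claim_yield(guarded)
    except Revert as exc:
        return preview, str(exc)


def changed_but_positive():
    """Yield moves between preview and claim but stays above zero."""
    vault = WrapperModel(a_token_balance=1_050, w_token_supply=1_000)
    preview = vault.get_accrued_yield()
    vault.a_token_balance += 5  # interest accrues in the meantime
    return preview, vault.claim_yield(guarded=True)


if __name__ == "__main__":
    print(stale_preview(guarded=False))
    print(stale_preview(guarded=True))
    print(changed_but_positive())
```

The guard turns a zero-amount claim into an explicit revert; it does not make the claimed amount match the previewed one, as the last case shows.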

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
