wrong bond value amount will result in loss of funds for users in ZENO during redemption
Summary
during Bond redemption users are supposed to retrieve their face value or at least the startingPrice because it should be the closest to it albeit probably discounted but they are getting the usdc which is equal to the amount of bonds they minted not the price equivalent.
Vulnerability Details
When users redeem their bonds for the face Value at full maturity they are getting the bond amount in USDC instead of the face value i.e. if user's zeno balance = 5 they're getting 5 usdc, not even the amount they bought the bond for.
during minting they get the amount of zeno minted which is fine as long as when redemption time comes there's a mechanism in place for determining the correct amount of USDC they're supposed to get but there isn't as shown below :
Impact
This will result in loss of funds for users as they're not even getting the cost of the bond back resulting in utter dissatisfaction in the system
Tools Used
Recommendations
if the starting price is equal to the face value of the bond then consider transferring the face value in usdc back to all users during redemption if bond is at full maturity which it will be because users will generally not redeem until it is
consider implementing a mechanism similar to the getPrice mechanism for price determination in Auction.sol which would determine price based on how closer we are to full maturity and ensure user get at least the amount they paid for the bonds
Lead Judging Commences
ZENO.sol implements fixed 1:1 redemption with USDC regardless of auction purchase price, breaking zero-coupon bond economics and causing user funds to be permanently lost
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.