Thunder Loan

AI First Flight #7
Beginner Friendly, Foundry, DeFi, Oracle
Submission Details
Impact: medium
Likelihood: high
Invalid

Missing Fee Accrual Logic in `deposit()` Causes Loss of Yield Distribution

Summary

The deposit() function no longer calculates or applies protocol fees to the AssetToken exchange rate. As a result, deposits do not contribute to yield accrual for existing holders, breaking the intended economic model of the protocol.

Vulnerability Details

The current implementation of deposit() is:

function deposit(IERC20 token, uint256 amount) external {
    AssetToken assetToken = s_tokenToAssetToken[token];
    uint256 exchangeRate = assetToken.getExchangeRate();
    uint256 mintAmount = (amount * assetToken.EXCHANGE_RATE_PRECISION()) / exchangeRate;
    emit Deposit(msg.sender, token, amount);
    assetToken.mint(msg.sender, mintAmount);
    token.safeTransferFrom(msg.sender, address(assetToken), amount);
}

Unlike the previous implementation, the function no longer executes:

uint256 calculatedFee = getCalculatedFee(token, amount);
assetToken.updateExchangeRate(calculatedFee);

Because of this:

  1. No fee is calculated during deposits.

  2. No fee is added to the AssetToken accounting.

  3. The exchange rate remains unchanged after deposits.

  4. Existing AssetToken holders receive no value accrual from new deposits.

Impact

The protocol's fee accrual mechanism is effectively disabled for deposits.

Users depositing assets receive the full amount of AssetTokens based on the current exchange rate, while no portion of the deposited value is redistributed to existing holders through exchange rate appreciation.

This breaks the expected yield distribution model and may result in a loss of protocol revenue and holder rewards.

Proof of Concept

Assume:

  • Exchange rate = 1.0

  • Deposit amount = 1,000 tokens

  • Intended fee = 0.3%

Expected behavior:

  • Fee = 3 tokens

  • Exchange rate increases through updateExchangeRate()

  • Existing holders benefit from accrued value

Actual behavior:

  • User receives AssetTokens corresponding to the full 1,000-token deposit

  • No fee is calculated

  • Exchange rate remains unchanged

  • Existing holders receive no benefit

Recommended Mitigation

Restore the fee accrual logic within deposit():

uint256 calculatedFee = getCalculatedFee(token, amount);
assetToken.updateExchangeRate(calculatedFee);

This ensures that deposit fees are correctly reflected in the exchange rate and distributed to AssetToken holders as intended.
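The following model is an added example, not code from the submission or the protocol. It runs the Proof of Concept numbers through both variants of deposit() so a reviewer can compare what AssetToken holders could claim with what the AssetToken actually holds. Assumptions: the update rule inside updateExchangeRate() (not shown on this page), the position of the restored lines after mint, the 18-decimal precision, and one earlier holder with 1,000 tokens.

```python
TOKEN = 10**18       # one whole token, 18 decimals (assumed)
PRECISION = 10**18   # stands in for EXCHANGE_RATE_PRECISION (value assumed)
FEE_BPS = 30         # the 0.3% fee from the Proof of Concept


class AssetTokenModel:
    """Constructed state: one earlier holder with 1,000 tokens at rate 1.0."""

    def __init__(self):
        self.rate = PRECISION          # exchange rate 1.0
        self.supply = 1_000 * TOKEN    # AssetTokens already minted
        self.balance = 1_000 * TOKEN   # underlying held by the AssetToken

    def update_exchange_rate(self, fee):
        # Assumed rule (not shown on the page): scale by (supply + fee) / supply.
        self.rate = self.rate * (self.supply + fee) // self.supply

    def claims(self):
        # Underlying owed if every AssetToken were redeemed at the current rate.
        return self.supply * self.rate // PRECISION


def deposit(pool, amount, accrue_fee):
    """Mirror deposit(): mint, optionally update the rate, transfer `amount` in."""
    minted = amount * PRECISION // pool.rate
    pool.supply += minted
    if accrue_fee:
        # The two lines from the mitigation, placed after mint (assumed position).
        pool.update_exchange_rate(amount * FEE_BPS // 10_000)
    pool.balance += amount   # safeTransferFrom moves exactly `amount`
    return minted


def scenario(accrue_fee):
    """Run one 1,000-token deposit and return (rate, claims, balance)."""
    pool = AssetTokenModel()
    deposit(pool, 1_000 * TOKEN, accrue_fee)
    return pool.rate, pool.claims(), pool.balance


if __name__ == "__main__":
    for flag in (False, True):
        rate, claims, balance = scenario(flag)
        print(f"accrue_fee={flag}: rate={rate / PRECISION:.4f} "
              f"claims={claims // TOKEN} balance={balance // TOKEN}")
```

Under these assumptions, the variant without the fee lines leaves the rate at 1.0 with claims equal to the 2,000-token balance. The variant with them raises the rate to 1.0015, so claims total 2,003 tokens against the same 2,000-token balance, because deposit() transfers only `amount`.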

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
