Closed code423n4 closed 2 years ago
It is enough to withdraw the max(protocolWithdrawalUsd[i], allState.stableState.swapInAmountsUsd[i]). Withdrawal from over-exposed protocol can impact stablecoin exposure and protocol exposure at that same time.
Going to trust sponsor here. Invalid.
Handle
cmichel
Vulnerability details
Vulnerability Details
The
Allocation.calcProtocolWithdraw
function computes how much can be withdrawn per strategy. At the end of the function, ifprotocolWithdrawalUsd[i]
, the difference of current and target allocation, is less than the swap in amount, the withdrawal is set to the swap in amount.But it could even be set to the difference plus the withdrawal amount and it'd still hit the target amount?
Impact
Less efficient withdrawals
Recommended Mitigation Steps
Should it not always add
allState.stableState.swapInAmountsUsd[i]
toprotocolWithdrawalUsd[i]
?