search

code-423n4 / 2021-06-gro-findings

0 stars 1 forks source link

BaseVaultAdaptor withdraws too much #113

Closed code423n4 closed 2 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

Vulnerability Details

The two BaseVaultAdaptor.withdraw functions first check if the amount is already in the adapter, if not they withdraw the full amount again from the vault.

If one wants to minimize withdrawals from the yield-earning strategies, it'd be better to only withdraw the difference of amount and what's already in the vault adaptor from the vault strategies.

amount = _withdraw(calculateShare(amount), msg.sender);
// could be calcShare(amount - token.balanceOf(this))
amount = _withdraw(calcShare(amount.sub(token.balanceOf(this))), msg.sender);

Recommended Mitigation Steps

Withdraw the difference from vault to adopter and then withdraw the full adaptor amount to the recipient.

kitty-the-kat commented 2 years ago

This would be the opposite of what we want to achieve - we want to keep down prices for small users, which means that we want to always keep a reserve in the vault Adapter from which they can withdraw. If we empty out the vaultadapter by letting larger fish empty them out the cost of withdrawals would drastically go up for the smaller fish

ghoul-sol commented 2 years ago

Works as expected. Invalid.