Open code423n4 opened 2 years ago
Agree with the finding
Anytime the strategy incurs a loss during withdrawal, the person that triggered that withdrawal will get less for their shares than what they may expect.
Since amount of shares is computed by checking balance in strategy, and controller enacts this withdrawal, adding a check in the controller to compare expected withdrawal vs actual shares received would be a clean way to mitigate
Handle
cmichel
Vulnerability details
The
Vault.withdraw
function attempts to withdraw funds from the controller if there are not enough in the vault already. In the case the controller could not withdraw enough, i.e., where_diff < _toWithdraw
, the user will receive less output tokens than their fair share would entitle them to (the initial_amount
).Impact
The withdrawer receives fewer output tokens than they were entitled to.
Recommended Mitigation Steps
In the mentioned case, the
_shares
should be recomputed to match the actual withdrawn_amount
tokens:Only these shares should then be burned.