During Controller.setCap we change _vaultDetails[_vault].balance to _vaultDetails[_vault].balance.sub(_balance). This is wrong, and the correct value should be _vaultDetails[_vault].balance.sub(_diff), because _diff is the value withdrawn from the strategy.
High risk because this is an accounting error that propagates though the function balance() in Vault.sol, so for all deposits/withdraws.
Handle
0xsanson
Vulnerability details
Impact
During
Controller.setCap
we change_vaultDetails[_vault].balance
to_vaultDetails[_vault].balance.sub(_balance)
. This is wrong, and the correct value should be_vaultDetails[_vault].balance.sub(_diff)
, because_diff
is the value withdrawn from the strategy. High risk because this is an accounting error that propagates though the functionbalance()
in Vault.sol, so for all deposits/withdraws.Tools Used
editor
Recommended Mitigation Steps
Correct using
_diff
instead of_balance
.