code-423n4 / 2021-09-yaxis-findings


Vault: Zero Withdrawal Fee If Protocol Halts #75

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

hickuphh3

Vulnerability details

Impact

Whenever a user withdraws from a vault, a withdrawal fee is applied, and is distributed proportionally to the remaining vault token holders.

Should the protocol be halted, if the withdrawal fee remains non-zero, we would have a "last man standing" situation since users who withdraw later will benefit from withdrawals before them.

There would also be the issue of unaccounted withdrawal fees when the last vault token holder withdraws his funds.

Recommended Mitigation Steps

Haz077 commented 2 years ago

Suggested by #71

GalloDaSballo commented 2 years ago

Agree with finding. Would recommend to tweak architecture to issue shares on withdrawal fee accrual, or simply transfer those fees out to avoid this type of situation.

Mitigation suggested by warden seems simple enough as well.

Is not a duplicate from what I can tell.
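The "last man standing" effect and the unaccounted fee described in the finding above can be reproduced with a small model. This is an added example, not code from the yAxis repository or from any commenter; it assumes the fee simply stays in the vault balance, and the class, function names, fee rate and deposits are all constructed for illustration.

```python
# Simplified share-based vault (assumption: the withdrawal fee is left in the
# vault balance, which raises the share price for holders who remain).
class Vault:
    def __init__(self, fee_bps):
        self.fee_bps = fee_bps      # withdrawal fee in basis points
        self.balance = 0            # underlying tokens held by the vault
        self.total_shares = 0
        self.shares = {}

    def deposit(self, user, amount):
        # Mint shares at the current price (1:1 while the vault is empty).
        if self.total_shares == 0:
            minted = amount
        else:
            minted = amount * self.total_shares // self.balance
        self.shares[user] = self.shares.get(user, 0) + minted
        self.total_shares += minted
        self.balance += amount

    def withdraw_all(self, user):
        burned = self.shares.pop(user)
        gross = burned * self.balance // self.total_shares
        fee = gross * self.fee_bps // 10_000
        self.total_shares -= burned
        self.balance -= gross - fee  # the fee never leaves the vault
        return gross - fee


def simulate_halt(deposits, fee_bps):
    """Everyone deposits, the protocol halts, everyone exits in order.

    Returns (payouts in exit order, tokens left in the vault with no shares).
    """
    vault = Vault(fee_bps)
    for user, amount in deposits:
        vault.deposit(user, amount)
    payouts = [(user, vault.withdraw_all(user)) for user, _ in deposits]
    assert vault.total_shares == 0
    return payouts, vault.balance


# Constructed sample: three equal depositors, 0.10% fee versus zero fee.
DEPOSITS = [("alice", 1_000_000), ("bob", 1_000_000), ("carol", 1_000_000)]

if __name__ == "__main__":
    for bps in (10, 0):
        payouts, stranded = simulate_halt(DEPOSITS, bps)
        print(f"fee={bps}bps payouts={payouts} stranded={stranded}")
```

With a non-zero fee the payout grows with exit order and the last withdrawer's fee is left in a vault that has no shares outstanding; with the fee at zero, as the issue title proposes for a halted protocol, every depositor receives the same amount and nothing is stranded.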