code-423n4 / 2021-11-yaxis-findings

0 stars 0 forks source link

`AlchemistVault` is not compatible with deflationary tokens #84

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0x0x0x

Vulnerability details

Impact

AlchemistVault is not compatible with deflationary tokens and it can cause accounting mismatches. As a consequence users can lose funds.

Recommended Mitigation Steps

Use total amount of tokens at address for calculations rather than hardcoding results

Xuefeng-Zhu commented 2 years ago

Need more details

0xleastwood commented 2 years ago

I think there is an expectation at least from the sponsor's perspective that these sorts of tokens won't be used. Referencing #49 and #21 for more info

0xleastwood commented 2 years ago

Duplicate of #49