Unlike Yearn-like vault that collect fee upon harvest, performance fee on SandClock strategy is claimed only on aUST redeem. And since the calculation of originalUst use the average UST cost per aUST since strategy inception to calculate the strategy performance, it is very difficult to collect strategy fee without a total divest/redemption.
dmvt
commented
2 years ago
Handle
gzeon
Vulnerability details
Impact
Unlike Yearn-like vault that collect fee upon harvest, performance fee on SandClock strategy is claimed only on aUST redeem. And since the calculation of
originalUstuse the average UST cost per aUST since strategy inception to calculate the strategy performance, it is very difficult to collect strategy fee without a total divest/redemption.Proof of Concept
https://github.com/code-423n4/2022-01-sandclock/blob/a90ad3824955327597be00bb0bd183a9c228a4fb/sandclock/contracts/strategy/BaseStrategy.sol#L184