Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadel.sol#L816
r is the user's part of the contract balance, but is supposed to be the user's part of the total funds, including the strategy funds.
Therefore the check at line 816 will always return false because the user's part of the contract balance is smaller than the contract balance.
The user doesn't get their part of the strategy funds.
The user loses funds if they withdraw when there are funds in the strategy.
Change r to be (total funds) * _shares / totalSupply();
I believe balance in our contract was improperly changed. Wdyt @dapp-whisperer
Dup #74
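The effect described in this finding, as an added Python model that is not part of the original report and is not the StakedCitadel code: it compares r taken from the contract balance with r taken from the total funds. The class, its field names, the `use_total_funds` switch and the sample amounts are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class VaultModel:
    """Simplified share vault (illustrative, not the StakedCitadel code)."""
    on_hand: int       # tokens held by the vault contract itself
    in_strategy: int   # tokens deployed to the strategy
    total_supply: int  # outstanding shares

    def total_funds(self) -> int:
        return self.on_hand + self.in_strategy

    def withdraw(self, shares: int, use_total_funds: bool) -> int:
        # r is the amount owed for the burned shares (integer division,
        # as in Solidity). The finding is about which base r is taken from.
        base = self.total_funds() if use_total_funds else self.on_hand
        r = base * shares // self.total_supply
        self.total_supply -= shares
        # The check from the finding: pull from the strategy only when
        # the contract balance cannot cover r.
        if self.on_hand < r:
            pulled = min(r - self.on_hand, self.in_strategy)
            self.in_strategy -= pulled
            self.on_hand += pulled
        paid = min(r, self.on_hand)
        self.on_hand -= paid
        return paid


def compare(on_hand: int, in_strategy: int, supply: int, shares: int):
    """Return (paid with r from contract balance, paid with r from total funds)."""
    as_reported = VaultModel(on_hand, in_strategy, supply)
    mitigated = VaultModel(on_hand, in_strategy, supply)
    return (as_reported.withdraw(shares, use_total_funds=False),
            mitigated.withdraw(shares, use_total_funds=True))


def strategy_ever_touched(on_hand: int, in_strategy: int, supply: int) -> bool:
    """With r from the contract balance, does any share amount reach the strategy?"""
    for shares in range(1, supply + 1):
        v = VaultModel(on_hand, in_strategy, supply)
        v.withdraw(shares, use_total_funds=False)
        if v.in_strategy != in_strategy:
            return True
    return False


if __name__ == "__main__":
    # Constructed amounts: 100 tokens on hand, 900 in the strategy, 1000 shares.
    print(compare(100, 900, 1000, 200))
    print(strategy_ever_touched(100, 900, 1000))
```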