code-423n4 / 2022-04-badger-citadel-findings


users lose money in withdraw #194

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/StakedCitadel.sol#L808

Vulnerability details

`r` is only the withdrawer's share in the contract balance but not in the money in the strategy contract. The withdrawer won't get his share in the money in the strategy contract.

GalloDaSballo commented 2 years ago

Per the discussion in #210, I must categorically disagree; the warden is asking to insert a vulnerability in the system.

I also would like the warden to show an actual example of this happening as they seem to imply the invariants on withdrawal can be broken but they fail to show any evidence.

For those reasons, I must disagree completely.

jack-the-pug commented 2 years ago

Dup #183