search

code-423n4 / 2023-07-pooltogether-findings

12 stars 7 forks source link

Wrong formula in increasing yield fee balance #156

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L574

Vulnerability details

Impact

yield fee balance is increased incorrectly

Proof of Concept

Example, when the _yieldFeePercentage is 10% of total transaction So the total fee is calculated is:

(_amountOut FEE_PRECISION) / (FEE_PRECISION - _yieldFeePercentage) - _amountOut = 10/9 _amountOut - _amountOut = 1/9 _amountOut Which is not correct, since the yield fee is (_availableYield _yieldFeePercentage) / FEE_PRECISION; (https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L845)

Tools Used

manual review

Recommended Mitigation Steps

replace fee calculation function to (_amountOut * _yieldFeePercentage) / FEE_PRECISION;

Assessed type

Math

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #237

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #124

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid