code-423n4 / 2023-08-pooltogether-mitigation-findings


H-01 MitigationConfirmed #37

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Original Issue

H-01 - The _currentExchangeRate of the Vault contract can't increase, and always be lower than or equal to _assetUnit

Details

The formulas used to compute the currentExchangeRate computed incorrect values when the vault is undercollateralized, which meant that the _currentExchangeRate of the Vault contract could not increase and was always lower than or equal to _assetUnit.

Mitigation

The mitigation was to refactor how the Vault determines whether it is collateralized. As part of this change, the exchangeRate was removed, and new logic was implemented instead to ensure that the shares are fully backed 1:1 by assets in the YieldVault.

Conclusion

The mitigation correctly solves the original issue. There is no longer a concept of exchangeRate; instead, the Vault determines how much collateral is available and whether the vault is collateralized. Shares minted by the vault are now backed 1:1 by the deposited assets.

c4-judge commented 1 year ago

Picodes marked the issue as confirmed for report

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory