c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
c4-judge
commented
1 year ago Picodes marked the issue as confirmed for report
Lines of code
Vulnerability details
Original Issue
H-07 - _requireVaultCollateralized() is called at the beginning of the functions mintYieldFee() and liquidate()
Details
_requireVaultCollateralized()was a function that was used to determine if the vault was collateralized or not. The previous implementation called the_requireVaultCollateralized()at the beginning ofmintYieldFee()andliquidate(), the problem is that as part of the execution of these two functions, the state of the vault was modified, and the vault could become undercollateralized at the end of the functions.Mitigation
The mitigation was to refactor the way how the Vault determines if it's collateralized or not, as part of this change, the
_requireVaultCollateralized()was removed, and instead new logic was implemented to make that the shares are fully backed 1:1 to assets in the YieldVault. Because of this new logic, the operations executed on themintYieldFee()andliquidate()functions are safe against causing the vault to fall into under-collateralization.Conclusion
The mitigation solves successfully the original issue.