code-423n4 / 2023-08-pooltogether-mitigation-findings


M-20 MitigationConfirmed #89

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Comments

The previous implementation of the _currentExchangeRate method had an edge case where if 0 assets were withdrawable from the yield vault then the exchange rate would be 1:1 and therefore the vault would be considered collateralised despite having no collateral available to withdraw.

Mitigation

The mitigation addresses the original issue in a broad way by replacing the exchange rate function with a collateral function. When the vault is collateralised, shares are exchanged for assets 1:1, but when the vault is undercollateralised then the user will receive a portion of the remaining collateral based on the number of shares that they hold/redeem. The previewWithdraw and previewRedeem methods are also correct in the final implementation. The original issue has been resolved.

Conclusion

LGTM

Assessed type

Other
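
Added example, not part of the issue and not PoolTogether's contract code: a simplified Python model of the edge case and the collateral-based mitigation described in the comment above. Function names, the fixed-point unit, the cap on withdrawable assets and the sample numbers are assumptions made for illustration.

```python
# Simplified integer model of the behaviour described in the issue above.
# All names and sample values are constructed; this is not the vault's Solidity.
ASSET_UNIT = 10**18  # assumed fixed-point unit standing in for a 1:1 rate


def old_exchange_rate(total_supply: int, withdrawable: int) -> int:
    """Pre-mitigation edge case: zero withdrawable assets falls back to 1:1."""
    withdrawable = min(withdrawable, total_supply)  # assumption: surplus not counted
    if total_supply != 0 and withdrawable != 0:
        return withdrawable * ASSET_UNIT // total_supply
    return ASSET_UNIT  # reached when withdrawable == 0, even with shares outstanding


def old_is_collateralized(total_supply: int, withdrawable: int) -> bool:
    return old_exchange_rate(total_supply, withdrawable) == ASSET_UNIT


def new_collateral(total_supply: int, withdrawable: int) -> int:
    """Post-mitigation idea: track collateral itself instead of deriving a rate."""
    return min(withdrawable, total_supply)


def new_is_collateralized(total_supply: int, withdrawable: int) -> bool:
    return new_collateral(total_supply, withdrawable) >= total_supply


def new_redeem(shares: int, total_supply: int, withdrawable: int) -> int:
    """1:1 when collateralised, otherwise a pro-rata part of remaining collateral."""
    collateral = new_collateral(total_supply, withdrawable)
    if total_supply == 0 or collateral >= total_supply:
        return shares
    return shares * collateral // total_supply  # rounds down


def compare(total_supply: int, withdrawable: int, shares: int) -> dict:
    return {
        "old_collateralized": old_is_collateralized(total_supply, withdrawable),
        "new_collateralized": new_is_collateralized(total_supply, withdrawable),
        "new_redeem_assets": new_redeem(shares, total_supply, withdrawable),
    }


if __name__ == "__main__":
    # Constructed scenarios: (total share supply, withdrawable assets, shares redeemed)
    for case in [(1000, 1000, 100), (1000, 400, 100), (1000, 0, 100)]:
        print(case, compare(*case))
```

The third scenario is the one the finding describes: with nothing withdrawable, the old rate reports 1:1 and the vault looks collateralised, while the collateral-based check reports it as undercollateralised and a redemption yields zero assets.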

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes marked the issue as confirmed for report