Open c4-submissions opened 1 year ago
gzeon-c4 marked the issue as duplicate of #55
gzeon-c4 marked the issue as not a duplicate
gzeon-c4 marked the issue as primary issue
gzeon-c4 marked the issue as satisfactory
gzeon-c4 marked the issue as selected for report
Lines of code
https://github.com/GoodEntry-io/ge/blob/c7c7de57902e11e66c8186d93c5bb511b53a45b8/contracts/GeVault.sol#L265-L293
Vulnerability details
After the mitigation, the TR fee is directly sent to GE vault. Suppose 0.1 eth trading fee has accumulated in TR.
As above, when depositing, the 0.1 eth fee is not reflected in
getTVL
. Only afterremoveFromAllTicks
(inrebalance
) will the fee be collected and sent to GE vault. Therefore, attacker can take a flashloan, deposit and then withdraw to steal almost all of the 0.1 eth trading fee. (the process is similar to what H-04 has described)When withdrawing, similarly, user will incur loss since latest trading fee is not accounted.
Assessed type
Context