code-423n4 / 2024-02-spectra-findings


balanceOf returns 0 after maturity #29

Closed c4-bot-4 closed 8 months ago

c4-bot-4 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/YieldToken.sol#L121-L125

Vulnerability details

Impact

The YieldToken.sol contract implements a balanceOf function, which checks if block.timestamp has passed a maturity period. However, it returns 0 if it has passed.

Users may not expect their token balance to effectively become 0 after a certain date, as this is not standard behavior for ERC20 tokens. This could lead to confusion and potentially disrupt integrations with other contracts or services that rely on balanceOf to determine token holdings.

Many DeFi protocols/contracts interact with tokens based on their balance as reported by balanceOf. If balanceOf suddenly starts returning 0 after maturity, it could lead to unintended behavior in those protocols.

Proof of Concept

YieldToken::balanceOf (#L121-125)

    /** @dev See {IYieldToken-balanceOf} */
    function balanceOf(
        address account
    ) public view override(IYieldToken, ERC20Upgradeable) returns (uint256) {
        return (block.timestamp < IPrincipalToken(pt).maturity()) ? super.balanceOf(account) : 0;
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Perhaps display the actualBalanceOf despite maturity passing.

Assessed type

ERC20
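
A minimal model of the behaviour described in the report above, added here as an example; it is not part of the original submission or of the Spectra code base. `MaturityGatedToken`, `HoldingsReader` and `holdings` are hypothetical names, access control is omitted, and `actualBalanceOf` is assumed to be an ungated read, as the report's mitigation implies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed model for illustration; not the Spectra YieldToken.
contract MaturityGatedToken {
    uint256 public immutable maturity;              // unix timestamp, stands in for IPrincipalToken(pt).maturity()
    mapping(address => uint256) private _balances;  // raw ledger, never changed by the passage of time

    constructor(uint256 maturity_) {
        maturity = maturity_;
    }

    function mint(address to, uint256 amount) external {
        _balances[to] += amount; // access control omitted in this model
    }

    // Same gating as the reported lines: reads 0 once maturity is reached.
    function balanceOf(address account) public view returns (uint256) {
        return block.timestamp < maturity ? _balances[account] : 0;
    }

    // Ungated read, standing in for the actualBalanceOf named in the report (assumed semantics).
    function actualBalanceOf(address account) public view returns (uint256) {
        return _balances[account];
    }
}

// Hypothetical integrator that reads holdings from the token.
contract HoldingsReader {
    MaturityGatedToken public immutable token;

    constructor(MaturityGatedToken token_) {
        token = token_;
    }

    // Returns the gated and raw balances plus a flag, so a caller can tell
    // a zero caused by maturity apart from a zero caused by an empty account.
    function holdings(address account)
        external
        view
        returns (uint256 gated, uint256 raw, bool matured)
    {
        gated = token.balanceOf(account);
        raw = token.actualBalanceOf(account);
        matured = block.timestamp >= token.maturity();
    }
}
```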

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as duplicate of #16

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as sufficient quality report

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid