search

code-423n4 / 2024-02-spectra-findings

4 stars 2 forks source link

Some IBTs cannot be used because it is non-rebasing #68

Closed c4-bot-4 closed 8 months ago

c4-bot-4 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L206-L213

Vulnerability details

Impact

ERC4626 Vaults with non-rebasing IBTs will not get any yield.

Proof of Concept

There are generally two types of interest bearing tokens, rebasing and non-rebasing. For rebasing tokens, the IBT will grow in amount, so let's say 1000 aUSDC with 10% APY. In one year, 1000 aUSDC will become 1100 aUSDC.

For non-rebasing tokens, the IBT will grow in value, so for 1000 cUSDC with 10% APY, in one year, 1000 cUSDC will become 1000 cUSDC, but the user can claim it for 1100 USDC.

The vault only works for rebasing tokens because the amount of tokens increase, which means that IBT rate (previewRedeem()) will increase since asset increases.

    function _getCurrentPTandIBTRates(bool roundUpPTRate) internal view returns (uint256, uint256) {
>       uint256 currentIBTRate = IERC4626(ibt).previewRedeem(ibtUnit).toRay(_assetDecimals);
        if (IERC4626(ibt).totalAssets() == 0 && IERC4626(ibt).totalSupply() != 0) {
            currentIBTRate = 0;
        }
        uint256 currentPTRate = currentIBTRate < ibtRate
            ? ptRate.mulDiv(
                currentIBTRate,
                ibtRate,
                roundUpPTRate ? Math.Rounding.Ceil : Math.Rounding.Floor
            )
            : ptRate;
        return (currentPTRate, currentIBTRate);
    }

For non-rebasing tokens, the rate will not increase since the amount of tokens does not increase. Although the rate will stay the same, the value of the IBT token will increase. However, it does not work with PT/YT as the yield comes in the form of the value of the IBT tokens

Tools Used

Manual Review

Recommended Mitigation Steps

Since the documentation mentions IBT that are non rebasing, do check the vaults and make sure only rebasing IBTs are included. (stETH, aUSDC) etc

Assessed type

Context

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as sufficient quality report

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as primary issue

c4-sponsor commented 8 months ago

yanisepfl (sponsor) disputed

yanisepfl commented 8 months ago

ERC4626 Vaults with non-rebasing IBTs will not get any yield.

There is no such thing as non-rebasing IBTs 4626 vaults. Integrating non-rebasing tokens such as Aave's IBTs would necessitate creating a 4626 adaptor.

We dispute this issue.

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid