code-423n4 / 2024-02-thruster-findings


ThrusterFactory.setYieldCut should claim fees for all pools before #12

Open c4-bot-8 opened 8 months ago

c4-bot-8 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-thruster/blob/main/thruster-protocol/thruster-cfmm/contracts/ThrusterFactory.sol#L75-L80

Vulnerability details

Proof of Concept

Thruster has introduced the ability to change the yield cut for their Uniswap v2-like pools.

The yield is charged only when some LP manages their position.

This means that if the yield cut is changed for a pool, the protocol fee should be minted for the previous period using the old yield cut; otherwise the yield cut will be incorrect. This is especially important for pools where liquidity is not added/removed often.

Impact

Yield can be collected in the wrong proportion.

Tools Used

VsCode

Recommended Mitigation Steps

I guess the protocol just needs to acknowledge the issue, as it will not be possible (not worthwhile) to implement such a mechanism.

Assessed type

Error
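The effect described in the report above, as an added numeric model that is not part of the original submission and is not Thruster's code. It assumes the pair mints the protocol's share with the Uniswap V2 `_mintFee` arithmetic, with the constant 5 replaced by a configurable `n` (protocol share 1/(n+1)); `Pair`, `simulate` and all numbers are constructed for illustration.

```python
# Added illustration (not Thruster code). Assumption: the pair mints the
# protocol's cut with Uniswap V2 _mintFee arithmetic, the constant 5 replaced
# by a configurable n, so the protocol receives 1/(n+1) of sqrt(k) growth.

def fee_shares(total_supply, root_k, root_k_last, n):
    """LP shares minted to the protocol for growth since the last mint."""
    if root_k <= root_k_last:
        return 0
    # Integer division, as on-chain.
    return total_supply * (root_k - root_k_last) // (n * root_k + root_k_last)


class Pair:
    def __init__(self, total_supply, root_k):
        self.total_supply = total_supply
        self.root_k = root_k
        self.root_k_last = root_k
        self.protocol_shares = 0

    def accrue(self, new_root_k):
        """Swap fees raise sqrt(k); nothing is minted until an LP acts."""
        self.root_k = new_root_k

    def mint_fee(self, n):
        """Runs on mint/burn: settles all growth since root_k_last at cut n."""
        minted = fee_shares(self.total_supply, self.root_k, self.root_k_last, n)
        self.total_supply += minted
        self.protocol_shares += minted
        self.root_k_last = self.root_k
        return minted


def simulate(settle_before_change):
    """Constructed numbers: cut goes from 1/6 (n=5) to 1/2 (n=1) mid-way."""
    pair = Pair(total_supply=1_000_000, root_k=1_000_000)
    pair.accrue(1_100_000)            # period 1, earned under the old cut
    if settle_before_change:
        pair.mint_fee(5)              # settle period 1 at the old cut
    pair.accrue(1_200_000)            # period 2, earned under the new cut
    pair.mint_fee(1)                  # first LP action after the change
    return pair.protocol_shares, pair.total_supply


if __name__ == "__main__":
    for settle in (False, True):
        shares, supply = simulate(settle)
        print(f"settle_before_change={settle}: protocol owns "
              f"{shares}/{supply} = {shares / supply:.2%}")
```

In this model, with no settlement before the change, period 1's growth is paid out at the new cut and the protocol ends with about 8.33% of the pool instead of about 5.62%.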

jooleseth commented 8 months ago

We acknowledge that this situation is possible, but the effects and consequences of this are very minimal in reality as LPs update often and LPs are made aware of changes to fees with sufficient time.

c4-judge commented 8 months ago

0xleastwood marked the issue as satisfactory

c4-sponsor commented 8 months ago

jooleseth (sponsor) acknowledged

c4-judge commented 8 months ago

0xleastwood marked the issue as selected for report