Closed c4-bot-1 closed 7 months ago
raymondfam marked the issue as insufficient quality report
Incorrect assumption and insufficient proof. liquid yield (or amountOut) is different than yield fee.
raymondfam marked the issue as primary issue
hansfriese marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L675
Vulnerability details
Impact
_yieldFee
was wrongly rounded down as the intention of the protocol was to round down to Yield balance and round up on Yieldfee as stated here;This will ultimately cause Loss of yield fees to Yield balance.
Proof of Concept
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L675
Tools Used
Manual
Recommended Mitigation Steps
Round up on Yield fee
Assessed type
Error