Closed c4-bot-7 closed 5 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #10
raymondfam marked the issue as duplicate of #59
hansfriese changed the severity to 3 (High Risk)
hansfriese marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L611
Vulnerability details
[M-1] The
claimYieldFeeShares
function will lose shares ifshares
!=yieldFeeBalance
Description There is a mishandling of
yieldFeeBalance
in theclaimYieldFeeShares
function. this function will set theyieldFeeBalance
to zero every time is called and doesn't handle the shares well:the
claimYieldFeeShares
function must subtractyieldFeeBalance
withshares
not with itself because for example ifyieldFeeBalance
was 10e18 and theyieldFeeRecipient
wants just to call theclaimYieldFeeShares
with1e18
shares then he would lose the other9e18
shares which could mint. he had this potential to mint shares more and just lost it.Impact funds are not at direct risk but
yieldFeeRecipient
will just lose shares that he could minted.Recommend Mitigation
Assessed type
Math