StrategyLeverage.harvest function checks position state. In case if position LTV is bigger than max LTV, then extra debt is repaid to decrease LTV back to normal.
In order to repay part of debt, flashloan is taken and contract should pay fee for it.
So overall after adjusting our debt is decreased with deltaDebt but our collateral is decreased with deltaDebt + fee.
The problem is that this is not reflected in the newDeployedAmount calculation as it thinks that both collateral and debt where decreased by deltaDebt.
As result of this newDeployedAmount is bigger than it is in reality(in reality it is newDeployedAmount - fee), which means that later when some profit accrued, protocol may not receive it. For example if profit is < fee, then protocol won't receive it and if profit is > fee, then protocol will receive management fee based on profit - fee amount.
Impact
Protocol may receive smaller amount of fees.
Tools Used
VsCode
Recommended Mitigation Steps
Make _adjustDebt returns fee as well and use it to decrease collateral.
Lines of code
https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/strategies/StrategyLeverage.sol#L397-L399
Vulnerability details
Proof of Concept
StrategyLeverage.harvest
function checks position state. In case if position LTV is bigger than max LTV, then extra debt is repaid to decrease LTV back to normal.In order to repay part of debt, flashloan is taken and contract should pay fee for it. So overall after adjusting our debt is decreased with
deltaDebt
but our collateral is decreased withdeltaDebt + fee
.The problem is that this is not reflected in the
newDeployedAmount
calculation as it thinks that both collateral and debt where decreased bydeltaDebt
.As result of this
newDeployedAmount
is bigger than it is in reality(in reality it isnewDeployedAmount - fee
), which means that later when some profit accrued, protocol may not receive it. For example ifprofit is < fee
, then protocol won't receive it and ifprofit is > fee
, then protocol will receive management fee based onprofit - fee
amount.Impact
Protocol may receive smaller amount of fees.
Tools Used
VsCode
Recommended Mitigation Steps
Make
_adjustDebt
returnsfee
as well and use it to decrease collateral.Assessed type
Error