code-423n4 / 2024-06-renzo-mitigation-findings


H-08 MitigationConfirmed #23

Open c4-bot-3 opened 5 months ago

c4-bot-3 commented 5 months ago

Lines of code

Vulnerability details

See:

Finding: H-08: Incorrect withdraw queue balance in TVL calculation
Mitigation: Pull Request

Navigating to H-08 from the previous contest we can see that there was an issue as to how the calculateTVL function incorrectly calculates the total value locked (TVL) by using the wrong index when fetching the balance of collateral tokens. Specifically, it uses the outer loop index i (meant for operator delegators) to access collateralTokens, leading to repeated addition of the same token's balance and neglect of other tokens. This miscalculation would have led to incorrect TVL reporting, impacting critical operations like minting and redeeming. If there are even more operator delegators than collateral tokens, this results in an index out of bounds error.

So to mitigate this, the protocol has passed on this pull request, which sufficiently sorts this issue out, considering the function now uses the inner loop index j for accessing collateralTokens. This ensures accurate TVL calculation and prevents potential operational and financial errors within the protocol, i.e.:


               // record token value of withdraw queue
                 if (!withdrawQueueTokenBalanceRecorded) {
                     totalWithdrawalQueueValue += renzoOracle.lookupTokenValue(
-                         collateralTokens[i],
+                         collateralTokens[j],
                         collateralTokens[j].balanceOf(withdrawQueue)
                     );
                 }
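
Review bot: The `if (!withdrawQueueTokenBalanceRecorded)` guard around the changed line decides how many times each queue balance is added, but the hunk does not show where that flag is set, so the index fix alone cannot be confirmed as sufficient from these lines. Please confirm the flag is set only after the inner loop over `j` has visited every collateral token, and add a regression test with at least two collateral tokens that have different oracle prices and non-zero balances in `withdrawQueue`, so that pricing a balance with the wrong token would change the asserted total. As a smaller style point, `collateralTokens[j]` is now read twice in the same call; a local variable for it would make the pairing of token and balance explicit.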
c4-judge commented 5 months ago

alcueca marked the issue as satisfactory