Open hats-bug-reporter[bot] opened 3 months ago
The performance fee calculation requires the total value of the portfolio in USD, which is divided by the total supply to get the current token price. It requires all portfolio tokens to be enabled. If tokens are not enabled, asset managers need to rebalance the portfolio to enabled tokens to charge performance fees.
Github username: -- Twitter username: rnemes4 Submission hash (on-chain): 0x8fc6a02dec5a418f09c53ddd63e5147f727202bfedb62adad7ce944545484bf6 Severity: low
Description: Description\ By seting a portfolio token to disabled a protocol owner will prevent the asset manager from minting any performance fees due to
getVaultValueInUSD
reverting incontracts/core/calculations/VaultCalculations.sol
The following is a description of the call path, showing how this affects the
chargePerformanceFee
call incontracts/fee/FeeModule.sol
A token in the vault can be disabled by the protocolOwner
contracts/config/protocol/TokenManagement.sol
In the
feeModule
we have thechargePerformanceFee
function which can be called by theassetOwner
contracts/fee/FeeModule.sol
This function calls into
portfolio.getVaultValueInUSD
which willrevert
withErrorLibrary.TokenNotEnabled()
if any token has been dissabled.contracts/core/calculations/VaultCalculations.sol
Attack Scenario\ This is not an attack but can cause a DOS of charging perfomance fees. This is the only place in the protocol that uses the disabled token feature and is possibly an oversight from a previous audit
https://github.com/Velvet-Capital/audits/blob/main/Velvet_Capital_V2_Security_Audit_Report.pdf
issueSHB.21.1
where a similar issue was reported and theenabled
chack was removed.Attachments
Proof of Concept (PoC) File https://gist.github.com/Jonsey/04717dbabc94e7c7d29d1ab36148d956
Revised Code File (Optional) It is recomended to just carry on when a token is disabled or maybe consider removing the disabled functionality completely.