Users can avoid performance fees by withdrawing before the end of the epoch forcing other users to pay their fees

Summary

No performance fees are taken when user withdraws early from the vault but their withdrawal value will be used to take fees, which will be taken from other users.

Vulnerability Detail

uint256 adjustedTotalAssets = _totalAssets() + l.totalWithdrawals;

if (adjustedTotalAssets > l.lastTotalAssets) {
    netIncome = adjustedTotalAssets - l.lastTotalAssets;

    feeInCollateral = l.performanceFee64x64.mulu(netIncome);

    ERC20.safeTransfer(l.feeRecipient, feeInCollateral);
}

When taking the performance fees, it factors in both the current assets of the vault as well as the total value of withdrawals that happened during the epoch. Fees are paid from the collateral tokens in the vault, at the end of the epoch. Paying the fees like this reduces the share price of all users, which effectively works as a fee applied to all users. The problem is that withdraws that take place during the epoch are not subject to this fee and the total value of all their withdrawals are added to the adjusted assets of the vault. This means that they don't pay any performance fee but the fee is still taken from the vault collateral. In effect they completely avoid the fee force all there other users of the vault to pay it for them.