Closed sherlock-admin closed 1 year ago
Escalate for 10 USDC
This should be High. There can be huge fund loss for protocol when withdraw is partial. Provider's withdraw is routinely called by Vault managing the aggregated funds distribution, the freeze amount can be massive enough and will be translated to a loss for many users.
Escalate for 10 USDC
This should be High. There can be huge fund loss for protocol when withdraw is partial. Provider's withdraw is routinely called by Vault managing the aggregated funds distribution, the freeze amount can be massive enough and will be translated to a loss for many users.
You've created a valid escalation for 10 USDC!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalation accepted
Although there is a precondition that there should be partial withdrawals, considering that the code does not consider this scenario and the significant impact of the loss. to the user, this issue can be considered a valid high in this case.
Escalation accepted
Although there is a precondition that there should be partial withdrawals, considering that the code does not consider this scenario and the significant impact of the loss. to the user, this issue can be considered a valid high in this case.
This issue's escalations have been accepted!
Contestants' payouts and scores will be updated according to the changes made on this issue.
spyrosonic10
high
Possible loss of fund in YearnProvider
Summary
There may be scenarios in Yearn where they don't have enough collateral to satisfy withdraw request and this will result in withdrawing less amount than requested amount i.e. partial withdraw.
Vulnerability Detail
Yearn deploy its capital/collateral to other protocols and there may be scenarios when Yearn is not able to withdraw requested amount from other protocols collectively. In this scenario, Yearn will calculate
sharesToBurn
from partial amount it has withdrawn and burn partial shares. Given partial withdraw is possible inwithdraw()
of YearnProvider, current logic is not dealing with remaining LP token inYearnProvider.sol
Impact
Unburnt/remaining shares (LP tokens) will remain in YearnProvider.sol contract and this amount will not be part of
balanceUnderlying()
hence will not be considered as amount under management. So it is clear to say that this scenario will results in loss of fund.Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Providers/YearnProvider.sol#L44-L66
Tool used
Manual Review
Recommendation
Transfer remaining
_yTokens
tomsg.sender
after withdraw is done from YearnDuplicate of #355