underlyingReceived: underlyings received from all active vault contracts
But the current operation does not determine whether the current vault is an activeVault
Non-active vault will also +++
Must be added to be activeVault before ++, to avoid calculation errors
bin2chen
medium
setTotalUnderlyingInt() underlyingReceived Counting may be incorrect
Summary
setTotalUnderlyingInt() underlyingReceived Counting may be incorrect
Vulnerability Detail
setTotalUnderlyingInt() will be ++ for underlyingReceived code as follows:
But the current operation does not determine whether the current vault is an activeVault Non-active vault will also +++ Must be added to be activeVault before ++, to avoid calculation errors
Impact
underlyingReceived Counting may be incorrect
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/XChainController.sol#L288
Tool used
Manual Review
Recommendation