search

sherlock-audit / 2023-01-derby-judging

4 stars 1 forks source link

ak1 - MainVault.sol : checkForBalance is not returning the correct value. #396

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

ak1

medium

MainVault.sol : checkForBalance is not returning the correct value.

Summary

checkForBalance() is used in withdrawAllowance() and in withdrawRewards(). Inside this function there is check to ensure the as per comment,

/// @notice Sometimes when swapping stable coins the vault will get a fraction of a coin less then expected /// @notice This is to make sure the vault doesnt get stuck /// @notice Value will be set to the vaultBalance /// @notice When divergence is greater then maxDivergenceWithdraws it will revert /// @param _value Value the user wants to withdraw /// @return value Value - divergence

Since getVaultBalance() is done one after another, not sure how this prevent the above mentioned issue.

if it is going to incur the difference, then fraction value would be a loss. Value would depend of the fractional dollar value.

Vulnerability Detail

refer the summary section.

Impact

not sure how this is going to prevent the loss. since same function is called.

Fraction of loss to user.

Code Snippet

https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L238-L245

Tool used

Manual Review

Recommendation

Return the oldValue from the function.