Closed github-actions[bot] closed 1 year ago
Avci
medium
user actually will get less than what he supposed to get
Some tokens take a transfer fee (e.g. STA, PAXG) and its making problem with do cut process.
it will cause the users not able to get full amount of their money
function withdrawLend(address token, uint256 shareAmount) external override inExec poke(token) { Position storage pos = positions[POSITION_ID]; Bank storage bank = banks[token]; if (token != pos.underlyingToken) revert INVALID_UTOKEN(token); if (shareAmount == type(uint256).max) { shareAmount = pos.underlyingVaultShare; } uint256 wAmount; if (address(ISoftVault(bank.softVault).uToken()) == token) { ISoftVault(bank.softVault).approve( bank.softVault, type(uint256).max ); wAmount = ISoftVault(bank.softVault).withdraw(shareAmount); } else { wAmount = IHardVault(bank.hardVault).withdraw(token, shareAmount); } wAmount = wAmount > pos.underlyingAmount ? pos.underlyingAmount : wAmount; pos.underlyingVaultShare -= shareAmount; pos.underlyingAmount -= wAmount; bank.totalLend -= wAmount; wAmount = doCutWithdrawFee(token, wAmount); IERC20Upgradeable(token).safeTransfer(msg.sender, wAmount); }
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L669
Manual Review
Duplicate of #153
Avci
medium
user actually will get less than what he supposed to get
Summary
user actually will get less than what he supposed to get
Vulnerability Detail
Some tokens take a transfer fee (e.g. STA, PAXG) and its making problem with do cut process.
Impact
it will cause the users not able to get full amount of their money
Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L669
Tool used
Manual Review
Recommendation
Duplicate of #153