vnadoda
commented
1 year ago @clems4ev3r This is not valid issue. Carapace protocol hasn't implemented fees yet. Fee mentioned is Goldfinch fees used to calculate buyer's APR.
Closed github-actions[bot] closed 1 year ago
vnadoda
commented
1 year ago @clems4ev3r This is not valid issue. Carapace protocol hasn't implemented fees yet. Fee mentioned is Goldfinch fees used to calculate buyer's APR.
clems4ev3r
commented
1 year ago @vnadoda agreed, this is not valid
0xminty
commented
1 year ago Escalate for 10 USDC
That's the documentation for Carapace : https://www.carapace.finance/WhitePaper. Here is a snippet of how the constant is calculated:K = P / (−e −t∗λ -−e −T∗λ ) where P is premium − protocol_fees.
there was nowhere it says whether fees are implemented yet or not
sherlock-admin
commented
1 year ago Escalate for 10 USDC That's the documentation for Carapace : https://www.carapace.finance/WhitePaper. Here is a snippet of how the constant is calculated:
K = P / (−e −t∗λ -−e −T∗λ ) where P is premium − protocol_fees.there was nowhere it says whether fees are implemented yet or not
You've created a valid escalation for 10 USDC!
To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
hrishibhat
commented
1 year ago Escalation rejected
This is an informational issue as the protocol has not yet implemented the protocol fees https://github.com/sherlock-audit/2023-02-carapace/blob/77e10f49989fcae92a13ec2ff827fcc9f5bd4593/contracts/libraries/AccruedPremiumCalculator.sol#L85
sherlock-admin
commented
1 year ago Escalation rejected
This is an informational issue as the protocol has not yet implemented the protocol fees https://github.com/sherlock-audit/2023-02-carapace/blob/77e10f49989fcae92a13ec2ff827fcc9f5bd4593/contracts/libraries/AccruedPremiumCalculator.sol#L85
This issue's escalations have been rejected!
Watsons who escalated this issue will have their escalation amount deducted from their next payout.
Hawkeye
high
Accrued Premium is calculated incorrectly
Summary
Calculation is done erroneously for AP therefore
total_sToken_underlyingwill be greater than it should be.Vulnerability Detail
As per the protocol documentation, the Accrued Premium is derived from k * lamda with the premium (excluding protocol fees) but the premium is never reduced by the fees ,thereby
The premium amount which is scaled is without fee and this is used to calculate k
when the premiums are accrued, this erroneous value will translate to a higher premium :
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/libraries/ProtectionPoolHelper.sol#L267
Impact
Shares of sToken will be inflated since exchange rate will be higher as a result of a higher accrued premium
Code Snippet
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/libraries/AccruedPremiumCalculator.sol#L85
Tool used
Manual Review
Recommendation
After the lamda and k is calculated in
_verifyAndCreateProtectiondeduct the protocol fee which is calculated here :https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/adapters/GoldfinchAdapter.sol#L214