BunniSupply::getProtocolOwnedLiquidityReserves() returns incorrect amount of reserves
Summary
BunniSupply::getProtocolOwnedLiquidityReserves() gives incorrect amount of reserves
Vulnerability Detail
The amount of reserves returned from this method is the amount of reserves for the whole supply (total supply) of bunni tokens, not the amount that the protocol owns.
There are missing steps to calculate protocol-owned amount, for each iteration of the loop:
Get the amount of shares (amount of bunni token) that the protocol owns.
tvdung94
high
BunniSupply::getProtocolOwnedLiquidityReserves() returns incorrect amount of reserves
Summary
BunniSupply::getProtocolOwnedLiquidityReserves() gives incorrect amount of reserves
Vulnerability Detail
The amount of reserves returned from this method is the amount of reserves for the whole supply (total supply) of bunni tokens, not the amount that the protocol owns. There are missing steps to calculate protocol-owned amount, for each iteration of the loop:
Impact
Display wrong results, potentially disrupting accounting.
Code Snippet
https://github.com/sherlock-audit/2023-11-olympus/blob/main/bophades/src/modules/SPPLY/submodules/BunniSupply.sol#L212-L260
Tool used
Manual Review
Recommendation
Consider implement the missing steps
Duplicate of #172