search

sherlock-audit / 2024-01-napier-judging

8 stars 5 forks source link

Solidity_ATL_Team_1 - Accrued yields not collected from YT for YT holders in tranche `redeem` and tranche `withdraw`. #126

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

Solidity_ATL_Team_1

medium

Accrued yields not collected from YT for YT holders in tranche redeem and tranche withdraw.

Summary

The redeem and withdraw functions in the tranche contract are used to withdraw underlying and burn PT at maturity. The function is expected to collect accrued yields from YT if the users hold YT as specified in yield-stripping-system.md #67. However, this functionality is omitted in the function.

Vulnerability Detail

https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/Tranche.sol#L298 and https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/Tranche.sol#L328

User calls redeem or withdraw with a principalAmount or an underlyingAmount, a to address and a from address. from's PT is successfully burnt and a underlying value is successfully transferred to to. However, accrued yields from YT is not collected if to or from are YT holders.

Impact

Accrued yields from YT would not be collected for the Addresses when the redeem/withdraw functions are called.

Code Snippet

https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/Tranche.sol#L298

https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/Tranche.sol#L328

Tool used

Manual Review

Recommendation

Add:

uint256 _lscaleFrom = lscales[from];
if (_lscaleFrom != 0) {
    unclaimedYields[from] +=
        _computeAccruedInterestInTarget(_gscales.maxscale, _lscaleFrom, _yt.balanceOf(from));
    lscales[from] = _gscales.maxscale;
}

uint256 _lscaleReceiver = lscales[to];
if (_lscaleReceiver != 0) {
    unclaimedYields[to] +=
        _computeAccruedInterestInTarget(_gscales.maxscale, _lscaleReceiver, _yt.balanceOf(to));
    lscales[to] = _gscales.maxscale;
}

from https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/Tranche.sol#L305 and https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/Tranche.sol#L335 to the redeem and withdraw functions respectively.

Duplicate of #45

massun-onibakuchi commented 5 months ago

YT holders can claim accrued yields with collect