However, such value cannot always be a substitute for real conversation rate from target token to underlying token. As Frax takes a fee at the time of withdrawal requests, which temporarily reduces the share price, and Tranche only track the MAX scale, so that create a arbitage opportunity for malicious users. They can simply deposit into tranche at a lower scale.
LTDingZhen
high
scaleshould be the conversation rate from target to underlyingSummary
scale should be the conversation rate from target to underlying, not the share-asset ratio in
ERC4626.Vulnerability Detail
In
BaseLSTAdapter.sol,scaleis calculated withconvertToAssetsin OZ's ERC4626 implementation:However, such value cannot always be a substitute for real conversation rate from target token to underlying token. As Frax takes a fee at the time of withdrawal requests, which temporarily reduces the share price, and Tranche only track the MAX scale, so that create a arbitage opportunity for malicious users. They can simply deposit into tranche at a lower scale.
Impact
arbitage opportunity on Frax adapter.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/napier-v1/src/adapters/BaseLSTAdapter.sol#L232C1-L235C1
Tool used
Manual Review
Recommendation
Such value should be taken from corresponding protocol.