It's possible that the strategy will never be retired

Summary

In the strategy, there is a retireStrategy function which is used to retire strategy and remove all assets from the pool. However, the condition of retiring is quite tedious and may never meet.

Vulnerability Detail

The retireStrategy function only allows contract owner to call it, but there is another check at the start of the function:

    function retireVault() external onlyOwner {
        if (IBeefyVaultConcLiq(vault).totalSupply() != 10**3) revert NotAuthorized();
        panic(0,0);
        address feeRecipient = beefyFeeRecipient();
        IERC20Metadata(lpToken0).safeTransfer(feeRecipient, IERC20Metadata(lpToken0).balanceOf(address(this)));
        IERC20Metadata(lpToken1).safeTransfer(feeRecipient, IERC20Metadata(lpToken1).balanceOf(address(this)));
        _transferOwnership(address(0));
    }

Which if the total supply of the vault is not 1000, then this cannot be done and will revert. The issue is, it's hard to meet this condition, and even this condition is met somehow, it's also quite easy to break it by depositing 1 wei of token. This will cause the strategy to be unable to retire.

Impact

The strategy will be blocked to retire.

Code Snippet

    function retireVault() external onlyOwner {
        if (IBeefyVaultConcLiq(vault).totalSupply() != 10**3) revert NotAuthorized();
        panic(0,0);
        address feeRecipient = beefyFeeRecipient();
        IERC20Metadata(lpToken0).safeTransfer(feeRecipient, IERC20Metadata(lpToken0).balanceOf(address(this)));
        IERC20Metadata(lpToken1).safeTransfer(feeRecipient, IERC20Metadata(lpToken1).balanceOf(address(this)));
        _transferOwnership(address(0));
    }

Tool used

Manual Review

Recommendation

Change the condition to a broader range, such that the condition is easier to meet.

Duplicate of #4

sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging

y4y - It's possible that the strategy will never be retired #49