It's possible that the strategy will never be retired
Summary
In the strategy, there is a retireStrategy function which is used to retire strategy and remove all assets from the pool. However, the condition of retiring is quite tedious and may never meet.
Vulnerability Detail
The retireStrategy function only allows contract owner to call it, but there is another check at the start of the function:
Which if the total supply of the vault is not 1000, then this cannot be done and will revert. The issue is, it's hard to meet this condition, and even this condition is met somehow, it's also quite easy to break it by depositing 1 wei of token. This will cause the strategy to be unable to retire.
y4y
medium
It's possible that the strategy will never be retired
Summary
In the strategy, there is a
retireStrategy
function which is used to retire strategy and remove all assets from the pool. However, the condition of retiring is quite tedious and may never meet.Vulnerability Detail
The
retireStrategy
function only allows contract owner to call it, but there is another check at the start of the function:Which if the total supply of the vault is not 1000, then this cannot be done and will revert. The issue is, it's hard to meet this condition, and even this condition is met somehow, it's also quite easy to break it by depositing 1 wei of token. This will cause the strategy to be unable to retire.
Impact
The strategy will be blocked to retire.
Code Snippet
Tool used
Manual Review
Recommendation
Change the condition to a broader range, such that the condition is easier to meet.
Duplicate of #4