Potential Revert on Insufficient Balance Transactions
Summary
In the _withdraw function, if the contract doesn't have enough tokens, trying to transfer them with _asset.safeTransfer will make the transaction fail.
Vulnerability Detail
In the _withdraw function, the contract attempts to transfer tokens using _asset.safeTransfer. If the contract does not have enough balance to fulfill the transfer, the safeTransfer function will cause the transaction to revert.
Impact
It could lead to unexpected transaction failures.
Code Snippet
function _withdraw(address _receiver, uint256 _assets) internal {
// The vault accumulates dust from rounding errors over time, so if we can fulfill the withdrawal from the
// latent balance, we don't need to redeem any yield vault shares.
uint256 _latentAssets = _asset.balanceOf(address(this));
if (_assets > _latentAssets) {
// The latent balance is subtracted from the withdrawal so we don't withdraw more than we need.
uint256 _yieldVaultShares = yieldVault.previewWithdraw(_assets - _latentAssets);
// Assets are sent to this contract so any leftover dust can be redeposited later.
yieldVault.redeem(_yieldVaultShares, address(this), address(this));
}
if (_receiver != address(this)) {
_asset.safeTransfer(_receiver, _assets);
}
}
newt
medium
Potential Revert on Insufficient Balance Transactions
Summary
In the
_withdraw
function, if the contract doesn't have enough tokens, trying to transfer them with_asset.safeTransfer
will make the transaction fail.Vulnerability Detail
In the
_withdraw
function, the contract attempts to transfer tokens using_asset.safeTransfer
. If the contract does not have enough balance to fulfill the transfer, thesafeTransfer
function will cause the transaction to revert.Impact
It could lead to unexpected transaction failures.
Code Snippet
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-vault/src/PrizeVault.sol#L1054C1-L1067C6
Tool used
Manual Review
Recommendation
Check balance before transfer.