Inconsistent Handling of Fixed Side Withdrawals in Ended Vaults
Details
The Lido Vault contract allows users to deposit ETH and participate in Lido staking with both fixed and variable return options. Fixed-side withdrawals are handled differently when the vault ends, especially in loss scenarios where the final ETH balance is lower than the initial fixed-side deposits.
The vaultEndedWithdraw function calculates the amount (sendAmount) to be returned to fixed-side depositors based on vaultEndedFixedDepositsFunds. This value is supposed to reflect the portion of the final balance allocated to fixed users.
However, when the vault ends with losses (vaultEndingETHBalance < fixedSidestETHOnStartCapacity), vaultEndedFixedDepositsFunds is set to vaultEndingETHBalance. This can result in:
Overestimation: In cases of minor losses, fixed-side users might receive more than their fair share.
Potential Loss: In scenarios with significant losses, the calculation may not accurately reflect the reduced share, potentially leading to discrepancies and losses.
This inconsistency can lead to inaccurate distribution of remaining funds to fixed-side depositors, potentially overestimating their share in loss scenarios and causing discrepancies or even losses.
Scenario
A vault starts with fixedSidestETHOnStartCapacity of 1 ETH.
The vault ends with vaultEndingETHBalance of 0.8 ETH (a loss).
A fixed-side depositor tries to withdraw.
The code calculates their share based on vaultEndedFixedDepositsFunds (0.8 ETH), potentially overestimating their entitlement and not accounting for the loss.
Fix
Add a check in vaultEndedWithdraw to ensure the calculated sendAmount doesn't exceed the proportional share of the actual vaultEndingETHBalance:
0xloophole
Medium
Inconsistent Handling of Fixed Side Withdrawals in Ended Vaults
Details
The Lido Vault contract allows users to deposit ETH and participate in Lido staking with both fixed and variable return options. Fixed-side withdrawals are handled differently when the vault ends, especially in loss scenarios where the final ETH balance is lower than the initial fixed-side deposits.
The
vaultEndedWithdrawfunction calculates the amount (sendAmount) to be returned to fixed-side depositors based onvaultEndedFixedDepositsFunds. This value is supposed to reflect the portion of the final balance allocated to fixed users.However, when the vault ends with losses (
vaultEndingETHBalance<fixedSidestETHOnStartCapacity),vaultEndedFixedDepositsFundsis set tovaultEndingETHBalance. This can result in:Code Snippets
https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L675
https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L748
Impact
This inconsistency can lead to inaccurate distribution of remaining funds to fixed-side depositors, potentially overestimating their share in loss scenarios and causing discrepancies or even losses.
Scenario
fixedSidestETHOnStartCapacityof 1 ETH.vaultEndingETHBalanceof 0.8 ETH (a loss).vaultEndedFixedDepositsFunds(0.8 ETH), potentially overestimating their entitlement and not accounting for the loss.Fix
Add a check in
vaultEndedWithdrawto ensure the calculatedsendAmountdoesn't exceed the proportional share of the actualvaultEndingETHBalance: