Code4rena (code423n4): CODE423N4:2022-01-SANDCLOCK-FINDINGS-ISSUES-92
Jan 10, 2022 - 12:00 a.m.

investedAssets ignores fees and can cause insolvency


Handle

danb

Vulnerability details

investedAssets() doesn't subtract the fees owed to the treasury, which makes the system think that it has more than it really has.

Proof of Concept

Consider the following scenario:

perfFeePct is 20%.

The system generated 1M dollars of yield in aUST that it hasn't redeemed yet.

Besides that, there are 1M dollars in the system, so totalUnderlyingMinusSponsored() is 2M.

After the 1M of yield aUST is redeemed, 20% will be taken, so totalUnderlyingMinusSponsored() will be 1.8M.

People who invested before the redeem will not be able to withdraw regularly, because their shares are worth less than their deposit amount, and they can only withdraw with force, therefore losing 10% of their investment, because 1.8M = 90% * 2M.
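
The scenario above as a small accounting model, added here as an example; it is not code from the report or from the Sandclock contracts. The class, its share-pricing rule, the regular-withdraw check (share value must cover the deposit) and the net_of_fees switch that models subtracting the owed fee are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass
class VaultModel:
    """Toy accounting model of the scenario in the report (not the Sandclock contract)."""
    cash: int               # underlying already held by the vault
    unredeemed_yield: int   # yield still held as aUST, valued in underlying
    perf_fee_pct: int       # perfFeePct, in percent
    total_shares: Fraction  # Fraction keeps rounding noise out of the comparison
    net_of_fees: bool       # False: behaviour reported; True: owed fees subtracted

    def pending_fee(self) -> int:
        return self.unredeemed_yield * self.perf_fee_pct // 100

    def invested_assets(self) -> int:
        owed = self.pending_fee() if self.net_of_fees else 0
        return self.unredeemed_yield - owed

    def total_underlying(self) -> int:
        return self.cash + self.invested_assets()

    def deposit(self, amount: int) -> Fraction:
        # Shares are priced off the total the vault currently reports.
        shares = Fraction(amount) * self.total_shares / self.total_underlying()
        self.cash += amount
        self.total_shares += shares
        return shares

    def redeem_yield(self) -> None:
        # The treasury takes its cut only when the yield is actually redeemed.
        self.cash += self.unredeemed_yield - self.pending_fee()
        self.unredeemed_yield = 0

    def value_of(self, shares: Fraction) -> Fraction:
        return shares * self.total_underlying() / self.total_shares

def late_depositor_outcome(net_of_fees: bool, amount: int = 1_000):
    """Deposit just before the redeem; return pool totals and the depositor's position."""
    v = VaultModel(1_000_000, 1_000_000, 20, Fraction(1_000_000), net_of_fees)
    before = v.total_underlying()
    shares = v.deposit(amount)
    v.redeem_yield()
    after = v.total_underlying() - amount   # exclude the new deposit for comparison
    worth = v.value_of(shares)
    return before, after, worth, worth >= amount  # last item: regular withdraw possible

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, [float(x) for x in late_depositor_outcome(mode)])
```

With gross accounting the reported total falls from 2M to 1.8M across the redeem and a deposit made just before it is worth about 90% of its amount; with the fee subtracted up front the total is 1.8M on both sides and the deposit keeps its full value.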

