Lines of code
<https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/base/LybraEUSDVaultBase.sol#L284&gt;

Vulnerability details

Impact

poolTotalEUSDCirculation calculated incorerctly so it can effect reward distribution

Proof of Concept

The following line of code deduces repaid amount from poolTotalEUSDCirculation while the fee that is part of repaid amount will be distribute as rewards and won’t be burned . This also happens for poolTotalPeUSDCirculation .
poolTotalEUSDCirculation -= amount;

Tools Used

Manual Review

Recommended Mitigation Steps

Instead use poolTotalEUSDCirculation -= amount;

Assessed type

Other

The text was updated successfully, but these errors were encountered:

All reactions