Lines of code

Vulnerability details

Lines of code

Vulnerability details

Mitigation of M-08: Issue mitigated with ERROR

Mitigated issue

M-08: Inflation attack in VotiumStrategy

The issue was that the price of afEth and of vAfEth could be inflated by donating underlying assets.

Mitigation review

All balances of underlying assets are now internally accounted in trackedvStrategyBalance, trackedsafEthBalance and trackedCvxBalance. This means that a direct donation of assets has no effect.

Mitigation error

There is a mistake however. In VotiumStrategyCore.withdrawStuckTokens() the withdrawn amount is incorrectly deducted from trackedCvxBalance. The withdrawn amount is precisely the part of the CVX balance which is not accounted for in trackedCvxBalance.
This has no impact on the reported inflation attack, which is thus mitigated.

Other inflation attacks

The reported inflation attack is mitigated, but there are other ways to achieve a price inflation. These are new issues reported separately.

The text was updated successfully, but these errors were encountered:

All reactions